Kalyna block cipher available

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Kalyna block cipher available

Jeffrey Walton-3
Hi Everyone,

Kalyna is a Ukrainian block cipher with variable key and block sizes. Its now available in the the library. The tracking issue and commits of interest are:

* https://github.com/weidai11/cryptopp/issues/411
* https://github.com/weidai11/cryptopp/commit/a5c67cfdd6ad
* https://github.com/weidai11/cryptopp/commit/1d7dfc69274d

Its our first attempt at variable block sizes, so it may have some rough edges.

We also have a wiki page started at https://www.cryptopp.com/wiki/Kalyna. Its a work in progress.

Jeff

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Kalyna block cipher available

Jeffrey Walton-3


On Monday, May 8, 2017 at 2:15:57 AM UTC-4, Jeffrey Walton wrote:
Hi Everyone,

Kalyna is a Ukrainian block cipher with variable key and block sizes. Its now available in the the library. The tracking issue and commits of interest are:

* <a href="https://github.com/weidai11/cryptopp/issues/411" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fissues%2F411\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHv1KqDY5kQqcyB8fIr6ck44Jxdjg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fissues%2F411\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHv1KqDY5kQqcyB8fIr6ck44Jxdjg&#39;;return true;">https://github.com/weidai11/cryptopp/issues/411
* <a href="https://github.com/weidai11/cryptopp/commit/a5c67cfdd6ad" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2Fa5c67cfdd6ad\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHRFWh33nywTuV8m4QP9hf5wa4kRQ&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2Fa5c67cfdd6ad\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHRFWh33nywTuV8m4QP9hf5wa4kRQ&#39;;return true;">https://github.com/weidai11/cryptopp/commit/a5c67cfdd6ad
* <a href="https://github.com/weidai11/cryptopp/commit/1d7dfc69274d" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2F1d7dfc69274d\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGiRSOWkV3rb_N91oU8InDWHfWo5Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2F1d7dfc69274d\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGiRSOWkV3rb_N91oU8InDWHfWo5Q&#39;;return true;">https://github.com/weidai11/cryptopp/commit/1d7dfc69274d

Its our first attempt at variable block sizes, so it may have some rough edges.

We also have a wiki page started at <a href="https://www.cryptopp.com/wiki/Kalyna" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.cryptopp.com%2Fwiki%2FKalyna\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEvli5IbkpU7ksItsfGv3-TgYzUNQ&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.cryptopp.com%2Fwiki%2FKalyna\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEvli5IbkpU7ksItsfGv3-TgYzUNQ&#39;;return true;">https://www.cryptopp.com/wiki/Kalyna. Its a work in progress.

I got to run the cryptest.sh last night on Kalyna. I have good news and bad news...

The good news is Kalyna is testing good on nearly every platform. The bad news is, it failed on my 6th gen Skylake. The Skylake runs Fedora with GCC 6.3.1, and its known to be a little more rigid with respect to dotting i's and crossing t's. For example, Red Hat will run memcpy's in reverse, which breaks regular memcpy if the buffers overlap. Overlapping buffers are usually undefined behavior, but other compilers and platforms are usually more accommodating.

I'm guessing I introduced some undefined behavior. I'll track down the undefined behavior shortly.

Jeff

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Kalyna block cipher available

Jeffrey Walton-3

Kalyna is a Ukrainian block cipher with variable key and block sizes. Its now available in the the library. The tracking issue and commits of interest are:

* <a href="https://github.com/weidai11/cryptopp/issues/411" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fissues%2F411\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHv1KqDY5kQqcyB8fIr6ck44Jxdjg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fissues%2F411\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHv1KqDY5kQqcyB8fIr6ck44Jxdjg&#39;;return true;">https://github.com/weidai11/cryptopp/issues/411
* <a href="https://github.com/weidai11/cryptopp/commit/a5c67cfdd6ad" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2Fa5c67cfdd6ad\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHRFWh33nywTuV8m4QP9hf5wa4kRQ&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2Fa5c67cfdd6ad\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHRFWh33nywTuV8m4QP9hf5wa4kRQ&#39;;return true;">https://github.com/weidai11/cryptopp/commit/a5c67cfdd6ad
* <a href="https://github.com/weidai11/cryptopp/commit/1d7dfc69274d" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2F1d7dfc69274d\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGiRSOWkV3rb_N91oU8InDWHfWo5Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2F1d7dfc69274d\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGiRSOWkV3rb_N91oU8InDWHfWo5Q&#39;;return true;">https://github.com/weidai11/cryptopp/commit/1d7dfc69274d

Its our first attempt at variable block sizes, so it may have some rough edges.

We also have a wiki page started at <a href="https://www.cryptopp.com/wiki/Kalyna" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.cryptopp.com%2Fwiki%2FKalyna\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEvli5IbkpU7ksItsfGv3-TgYzUNQ&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.cryptopp.com%2Fwiki%2FKalyna\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEvli5IbkpU7ksItsfGv3-TgYzUNQ&#39;;return true;">https://www.cryptopp.com/wiki/Kalyna. Its a work in progress.

I got to run the cryptest.sh last night on Kalyna. I have good news and bad news...

The good news is Kalyna is testing good on nearly every platform. The bad news is, it failed on my 6th gen Skylake. The Skylake runs Fedora with GCC 6.3.1, and its known to be a little more rigid with respect to dotting i's and crossing t's. For example, Red Hat will run memcpy's in reverse, which breaks regular memcpy if the buffers overlap. Overlapping buffers are usually undefined behavior, but other compilers and platforms are usually more accommodating.

I'm guessing I introduced some undefined behavior. I'll track down the undefined behavior shortly.

Yeah, it was UB from the cache timing attack hardening (commit 9cf9f4235d52). A out-of-bounds read was performed. Bad code which tries to access S[256] (from an array of S[4][256]):

    word32 u ...;
    for (unsigned int i=0; i<256; i+=cacheLineSize)
         u &= *reinterpret_cast<const word32*>(KalynaTab::S+i);

Good code:

    word64 u ...;
    const byte* p = reinterpret_cast<const byte*>(KalynaTab::S);
    for (unsigned int i=0; i<256; i+=cacheLineSize)
        u &= *reinterpret_cast<const word64*>(p+i);

If anyone is interested, UBSan identified the problem. 'make ubsan' to the rescue!

Jeff


--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Kalyna block cipher available

Jeffrey Walton-3
In reply to this post by Jeffrey Walton-3

Kalyna is a Ukrainian block cipher with variable key and block sizes. Its now available in the the library. The tracking issue and commits of interest are:

* <a href="https://github.com/weidai11/cryptopp/issues/411" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fissues%2F411\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHv1KqDY5kQqcyB8fIr6ck44Jxdjg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fissues%2F411\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHv1KqDY5kQqcyB8fIr6ck44Jxdjg&#39;;return true;">https://github.com/weidai11/cryptopp/issues/411
* <a href="https://github.com/weidai11/cryptopp/commit/a5c67cfdd6ad" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2Fa5c67cfdd6ad\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHRFWh33nywTuV8m4QP9hf5wa4kRQ&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2Fa5c67cfdd6ad\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHRFWh33nywTuV8m4QP9hf5wa4kRQ&#39;;return true;">https://github.com/weidai11/cryptopp/commit/a5c67cfdd6ad
* <a href="https://github.com/weidai11/cryptopp/commit/1d7dfc69274d" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2F1d7dfc69274d\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGiRSOWkV3rb_N91oU8InDWHfWo5Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2F1d7dfc69274d\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGiRSOWkV3rb_N91oU8InDWHfWo5Q&#39;;return true;">https://github.com/weidai11/cryptopp/commit/1d7dfc69274d

Its our first attempt at variable block sizes, so it may have some rough edges.

We also have a wiki page started at <a href="https://www.cryptopp.com/wiki/Kalyna" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.cryptopp.com%2Fwiki%2FKalyna\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEvli5IbkpU7ksItsfGv3-TgYzUNQ&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.cryptopp.com%2Fwiki%2FKalyna\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEvli5IbkpU7ksItsfGv3-TgYzUNQ&#39;;return true;">https://www.cryptopp.com/wiki/Kalyna. Its a work in progress.

More bad news...

The Kalyna team got back to us with test vectors for other modes (formerly we only had them for ECB). CBC encryption looks good, but CBC decryption is sideways. Both NoPadding and PKCSPadding are producing bad results.

I have not identified the issue yet, but I don't believe its a simple memory error. If the initial survey is correct, then it looks like a filter problem. I think there's a bad interaction between the VariableBlockSize gear and the existing framework.

I think the worse case is, we have to fold VariableBlockSize into SimpleKeyingInterface. That's kind of how the library is wired (nearly everything with a symmetric key depends on SimpleKeyingInterface). I tired to avoid polluting SimpleKeyingInterface by keeping VariableBlockSize separate, but it may not be a viable solution.

The best case is I missed something obvious, like an override somewhere. But its not jumping out at me.

Jeff

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Kalyna block cipher available

Jeffrey Walton-3
In reply to this post by Jeffrey Walton-3

Kalyna is a Ukrainian block cipher with variable key and block sizes. Its now available in the the library. The tracking issue and commits of interest are:

* <a href="https://github.com/weidai11/cryptopp/issues/411" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fissues%2F411\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHv1KqDY5kQqcyB8fIr6ck44Jxdjg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fissues%2F411\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHv1KqDY5kQqcyB8fIr6ck44Jxdjg&#39;;return true;">https://github.com/weidai11/cryptopp/issues/411
* <a href="https://github.com/weidai11/cryptopp/commit/a5c67cfdd6ad" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2Fa5c67cfdd6ad\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHRFWh33nywTuV8m4QP9hf5wa4kRQ&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2Fa5c67cfdd6ad\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHRFWh33nywTuV8m4QP9hf5wa4kRQ&#39;;return true;">https://github.com/weidai11/cryptopp/commit/a5c67cfdd6ad
* <a href="https://github.com/weidai11/cryptopp/commit/1d7dfc69274d" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2F1d7dfc69274d\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGiRSOWkV3rb_N91oU8InDWHfWo5Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fweidai11%2Fcryptopp%2Fcommit%2F1d7dfc69274d\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGiRSOWkV3rb_N91oU8InDWHfWo5Q&#39;;return true;">https://github.com/weidai11/cryptopp/commit/1d7dfc69274d

Its our first attempt at variable block sizes, so it may have some rough edges.

We also have a wiki page started at <a href="https://www.cryptopp.com/wiki/Kalyna" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.cryptopp.com%2Fwiki%2FKalyna\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEvli5IbkpU7ksItsfGv3-TgYzUNQ&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.cryptopp.com%2Fwiki%2FKalyna\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEvli5IbkpU7ksItsfGv3-TgYzUNQ&#39;;return true;">https://www.cryptopp.com/wiki/Kalyna. Its a work in progress.

The last of the changes for variable block ciphers and Kalyna was checked in last night and today. Testing need a few more tweaks, including the ability to change padding schemes on the fly. We also found we did not need the "EncrpytBlockSize" test (we could just use "Encrypt" instead).

The commits of interest are the following. The first one cleared the CBC decryption issue.

    * https://github.com/weidai11/cryptopp/commit/3bee1f57cf9b
    * https://github.com/weidai11/cryptopp/commit/b2a6ba460fc8
    * https://github.com/weidai11/cryptopp/commit/d236cf1277bf

I believe Kalyna is now production ready.

Jeff

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Loading...