Churning (cipher)

Churning (cipher)

Churning is an encryption function used to scramble downstream user data of the ATM passive optical network system defined by the ITU G.983.1 standard.

The standard states that churning "offers a low level of protection for data confidentiality". Cryptanalysis had shown that "the churning cipher is robustly weak".[1]

Contents

Algorithm

Churning uses 24 bits of the key, designated X1..X8 and P1..P16.

Ten static K bits are generated from the key:

K1 = (X1*P13*P14) + (X2*P13*not P14) + (X7*not P13*P14) + (X8*not P13*not P14)
K2 = (X3*P15*P16) + (X4*P15*not P16) + (X5*not P15*P16) + (X6*not P15*not P16)
K3 = (K1*P9) + (K2*not P9)
K4 = (K1*not P9) + (K2*P9)
K5 = (K1*P10) + (K2*not P10)
K6 = (K1*not P10) + (K2*P10)
K7 = (K1*P11) + (K2*not P11)
K8 = (K1*not P11) + (K2*P11)
K9 = (K1*P12) + (K2*not P12)
K10 = (K1*not P12) + (K2*P12)

The churning transforms eight Y bits into eight Z bits:

(Z1..Z4) = TransformNibble(Y1..Y4, K1, P1, K3, K2, P2, K4, K1, K3, K5, K2, P4, K6)
(Z5..Z8) = TransformNibble(Y5..Y8, K1, P5, K7, K2, P6, K8, K1, P7, K9, K2, P8, K10)

Cryptanalysis

The cryptanalysis[1] had shown the cipher to be effectively broken in more than one way:

  • the cipher pretends to be using a 24-bit key, but the effective key length is 8 bit, making a full search attack trivial
  • being a substitution cipher, churning is easily attacked using the standard attacks against this class of ciphers
  • the churning function is entirely linear, so it can be broken using linear algebra.

Triple churning

Due to extreme weakness of the churning cipher, PON systems frequently use the "triple churning" technique, where the three churning operations are combined with two XORs with adjacent data in the stream.

Patents

PMC Sierra holds patents on triple churning (U.S. Patent 7,646,870).

Sources

  • ITU-T Recommendation G.983.1. Broadband optical access systems based on Passive Optical Networks (PON). 13th of October 1998.

References

  1. ^ a b Stephen Thomas Wave, Stephen Thomas, David Wagner. Insecurity in ATM-based passive optical networks. IEEE International Conference on Communications (ICC 2002), Optical Networking Symposium.

Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Churn — may refer to: Butter churn, a device used for churning butter Churning (butter), the process of creating butter out of milk or cream Churn drill, a large, older drilling machine that bores large diameter holes in the ground Contents 1 People and… …   Wikipedia

  • break — I. verb (broke; broken; breaking) Etymology: Middle English breken, from Old English brecan; akin to Old High German brehhan to break, Latin frangere Date: before 12th century transitive verb 1. a. to separate into parts with suddenness or… …   New Collegiate Dictionary

  • List of mayors of Oakland, California — This is the list of mayors of the city of Oakland, California, which was founded in 1852. It was incorporated as a city in 1854. Until the early twentieth century, all Oakland mayors served terms of only one or two years each. Contents 1 Terms 2… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”