{"id":12751,"date":"2021-05-20T12:20:16","date_gmt":"2021-05-20T06:50:16","guid":{"rendered":"https:\/\/www.varutra.com\/?p=12751"},"modified":"2022-12-02T12:42:21","modified_gmt":"2022-12-02T07:12:21","slug":"sweet32-birthday-attack-approach","status":"publish","type":"post","link":"https:\/\/www.varutra.com\/varutravrt3\/sweet32-birthday-attack-approach\/","title":{"rendered":"Sweet32 Birthday Attack Approach"},"content":{"rendered":"


\nIn this blog, we are going to understand one of the TLS\/SSL attacks i.e., Sweet32 Birthday Attack Approach.<\/p>\n

Mostly Sweet32 birthday attack is found in networks where block ciphers of smaller size are being used. Block ciphers are commonly used in protocols like TLS, SSH, IPSEC, Open VPN, etc. Popularly used block cipher algorithms in cryptographic protocols listed above are AES, Triple-DES, Blowfish, which are used to encrypt data between clients and servers.<\/p>\n

Block ciphers will be the most common term that will be used throughout this blog. So first let us just get an idea of what is cipher, what is block cipher, and why are they used.<\/p>\n

 <\/p>\n

Cipher and Block Ciphers: <\/strong><\/h3>\n

A Cipher is basically an algorithm or function which is used to encrypt and decrypt the data. There are many ciphers out there with different levels (range) of complexity.<\/p>\n

Ciphers can be divided into different categories like substitution cipher, transposition cipher, Stream ciphers and block ciphers, etc.<\/p>\n

Here we are particularly interested in block ciphers. So what exactly are block ciphers?<\/p>\n

Block ciphers are a type of symmetric algorithm. As the name implies, rather than bit-by-bit these ciphers encrypt plaintext in blocks. Block length in ciphers determines the size of chunks into which the plaintext is split and after that, they will be encrypted. Block length is independent of the key size. Different modes of block cipher are CBC, CTR, GCM, OCB, etc.<\/p>\n

Block ciphers are usually used with a specific mode of operation. These modes of operations are used to deal with the arbitrary length of messages.<\/p>\n

Basically, CBC is a mode in block ciphers where the block is initially exclusively XOR\u2019ed with the previous block of plain text and then it is encrypted. This resulted in the encrypted block is after that used for XORing and encrypting the next block of a cipher.<\/p>\n

CBC is secure up to2^{n\/2} block of message. CBC ciphers are mostly vulnerable to birthday attacks when the message is 2n<\/sup><\/em>\/2<\/sup> block of messages, and these messages are encrypted with the same key. In this case, a collision is most likely to happen between any 2 blocks of ciphertexts.<\/p>\n

The birthday binding corresponds to 256 EB with a modern block cipher with 128-bit blocks such as AES. The birthday bound, however, corresponds to only 32 GB for a block cipher with 64-bit blocks, which is easily accomplished in practice.<\/p>\n

At a time when 64-bit block ciphers, such as Triple-DES and Blowfish, were still deemed powerful, many of the most popular Internet security protocols, such as TLS, SSH, and IPsec, were standardized. For instance, in TLS 1.0 and 1.1, the mandatory encryption algorithm is Triple-DES, so it is implemented by all TLS libraries and supported by most web servers.<\/p>\n

 <\/p>\n

Before trying to understand what exactly the sweet32 birthday attack is and what happens in this attack, we will try to understand one of the algorithms that are vulnerable to the sweet32 birthday attack, and that is Triple-DES also called 3DES.<\/p>\n

 <\/p>\n

DES and Triple-DES algorithm:<\/strong><\/h3>\n

Triple-DES is a symmetric key algorithm used to encrypt and decrypt plain-text data. 3DES has 2 types: one is 2 key 3DES and 3 key 3DES. Working of 3DES is shown using the flow chart shown below:<\/p>\n

\"Encryption<\/p>\n

Fig: Encryption and decryption process in 3-key 3DES algorithm<\/u>.<\/p>\n

The encryption and decryption process in triple DES is as shown above in the figure, K1 is used in the first DES cipher, K2 is used in reverse DES, and K3 is used in the last step.<\/p>\n

For 2 key 3DES, the first key the same 3step process is followed, the only difference is that the first step i.e. DES cipher uses K1, then the second step i.e. DES reverse cipher is performed using K2 and the last step i.e. DES cipher is performed uses K1. Hence we only need 2 keys K1 and K2.<\/p>\n

Looking at the figure, we might think about what happens in DES and reverse DES.<\/p>\n

\"Working<\/p>\n

Fig: Working overview of DES algorithm.<\/u><\/p>\n

The figure shows an overview of the working of the DES algorithm. Initially, a 64-bit plain text is given to the algorithm, which then processes the same to a 64-bit ciphertext. What happens in between the process is a bit tricky to understand. Let\u2019s try to understand the working of DES now.<\/p>\n

Firstly an Initial permutation is performed on the 64-bit plain text. The key in DES is originally is of 64-bit but a 56-bit key is used in the algorithm. By omitting every 8th<\/sup> bit in the key, a 64-bit key is converted into a 56-bit key. After there are 16 rounds of operation performed on the plain text. Once these 16 rounds are done, DES with performing the final permutation and a 64-bit ciphertext is finally obtained.<\/p>\n

In those 16 rounds of encryption, the following process is followed.<\/p>\n

\"Detailed<\/p>\n

Fig: Detailed working of DES.<\/u><\/p>\n

The above figure shows the process of DES along with the process of 16 rounds of encryption. After the Initial permutation, 16 rounds of encryption is done using the Feistel cipher structure. The plain text is divided into 2 equal parts, 32-bit Left plain text and 32-bit right plain text. The right plain text block is replaced as the Left plain text block in the next round of encryption, and also this block undergoes from some functions \u201cf\u201d which again is XORed with the left plain text and then is passed as the right plain text block for the next round of encryption. The second round of encryption can be represented as equations as follows:<\/p>\n