Churning (cipher)
   HOME

TheInfoList



Click Here for Items Related To - Churning (cipher)
OR:
Churning (cipher) on:   [Wikipedia]   [Google]   [Amazon]

Churning is an encryption function used to scramble downstream user data of the ATM
passive optical network A passive optical network (PON) is a fiber-optic telecommunications technology for delivering broadband network access to end-customers. Its architecture implements a point-to-multipoint topology in which a single optical fiber serves multiple en ...
system defined by the
ITU The International Telecommunication Union is a specialized agency of the United Nations responsible for many matters related to information and communication technologies. It was established on 17 May 1865 as the International Telegraph Unio ...
G.983 ITU-T Recommendation G.983 is a family of recommendations that defines broadband passive optical network (BPON) for telecommunications Access networks. It originally comprised ten recommendations, G.983.1 through G.983.10, but recommendations .6 ...
.1 standard. The standard states that churning "offers a low level of protection for data confidentiality". Cryptanalysis had shown that "the churning cipher is robustly weak".


Algorithm

Churning uses 24 bits of the key, designated X1..X8 and P1..P16. Ten static K bits are generated from the key: K1 = (X1×P13×P14) + (X2×P13×not P14) + (X7×not P13×P14) + (X8×not P13×not P14) K2 = (X3×P15×P16) + (X4×P15×not P16) + (X5×not P15×P16) + (X6×not P15×not P16) K3 = (K1×P9) + (K2×not P9) K4 = (K1×not P9) + (K2×P9) K5 = (K1×P10) + (K2×not P10) K6 = (K1×not P10) + (K2×P10) K7 = (K1×P11) + (K2×not P11) K8 = (K1×not P11) + (K2×P11) K9 = (K1×P12) + (K2×not P12) K10 = (K1×not P12) + (K2×P12) The churning transforms eight bits into eight bits: (Z1..Z4) = TransformNibble(Y1..Y4, K1, P1, K3, K2, P2, K4, K1, K3, K5, K2, P4, K6) (Z5..Z8) = TransformNibble(Y5..Y8, K1, P5, K7, K2, P6, K8, K1, P7, K9, K2, P8, K10)


Cryptanalysis

The cryptanalysis had shown the cipher to be effectively broken in more than one way: * the cipher pretends to be using a 24-bit key, but the effective key length is 8 bit, making a full search attack trivial * being a
substitution cipher In cryptography, a substitution cipher is a method of encrypting in which units of plaintext are replaced with the ciphertext, in a defined manner, with the help of a key; the "units" may be single letters (the most common), pairs of letters, trip ...
, churning is easily attacked using the standard attacks against this class of ciphers * the churning function is entirely linear, so it can be broken using linear algebra.


Triple churning

Due to extreme weakness of the churning cipher, PON systems frequently use the "triple churning" technique, where the three churning operations are combined with two XORs with adjacent data in the stream.


Patents

PMC Sierra PMC-Sierra was a global fabless semiconductor company with offices worldwide that developed and sold semiconductor devices into the storage, communications, optical networking, printing, and embedded computing marketplaces. On January 15, 2016, ...
holds patents on triple churning ().


Sources

* ITU-T Recommendation G.983.1. Broadband optical access systems based on Passive Optical Networks (PON). 13 October 1998.


References

{{reflist Broken block ciphers