Churning (cipher)

Churning is an encryption function used to scramble downstream user data of the ATM passive optical network system defined by the ITU G.983.1 standard.

The standard states that churning "offers a low level of protection for data confidentiality". Cryptanalysis has shown that "the churning cipher is robustly weak".[1]

Algorithm

Churning uses 24 bits of the key, designated X1..X8 and P1..P16.

Ten static K bits are generated from the key:

K1 = (X1*P13*P14) + (X2*P13*not P14) + (X7*not P13*P14) + (X8*not P13*not P14)
K2 = (X3*P15*P16) + (X4*P15*not P16) + (X5*not P15*P16) + (X6*not P15*not P16)
K3 = (K1*P9) + (K2*not P9)
K4 = (K1*not P9) + (K2*P9)
K5 = (K1*P10) + (K2*not P10)
K6 = (K1*not P10) + (K2*P10)
K7 = (K1*P11) + (K2*not P11)
K8 = (K1*not P11) + (K2*P11)
K9 = (K1*P12) + (K2*not P12)
K10 = (K1*not P12) + (K2*P12)
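
The K-bit equations above, as an added Python example (not part of the original article or of the G.983.1 text): `derive_k_bits` evaluates them directly, and `distinct_k_vectors` enumerates every setting of X1..X8 and P9..P16 to count how many different K1..K10 vectors the key can produce. The function names and the sample key bits are constructed for illustration, and `*`, `+` and `not` are assumed to mean Boolean AND, OR and NOT.

```python
from itertools import product


def mux4(a, b, c, d, s1, s0):
    """Sum-of-products form used for K1 and K2: select a, b, c or d by (s1, s0)."""
    n1, n0 = 1 - s1, 1 - s0
    return (a & s1 & s0) | (b & s1 & n0) | (c & n1 & s0) | (d & n1 & n0)


def derive_k_bits(x, p):
    """Return [K1..K10] from x = [X1..X8] and p = [P1..P16] (bits as 0/1 ints)."""
    X = lambda i: x[i - 1]  # 1-based access, matching the article's names
    P = lambda i: p[i - 1]
    k1 = mux4(X(1), X(2), X(7), X(8), P(13), P(14))
    k2 = mux4(X(3), X(4), X(5), X(6), P(15), P(16))
    k = [k1, k2]
    for i in (9, 10, 11, 12):
        sel = P(i)
        k.append((k1 & sel) | (k2 & (1 - sel)))  # K3, K5, K7, K9
        k.append((k1 & (1 - sel)) | (k2 & sel))  # K4, K6, K8, K10
    return k


def distinct_k_vectors():
    """Enumerate all 2^16 settings of X1..X8 and P9..P16.

    P1..P8 do not appear in the K equations, so they are held at 0 here.
    """
    seen = set()
    for bits in product((0, 1), repeat=16):
        x = list(bits[:8])
        p = [0] * 8 + list(bits[8:])
        seen.add(tuple(derive_k_bits(x, p)))
    return seen


# Constructed sample key bits (not from the standard or the article).
SAMPLE_X = [1, 0, 0, 0, 1, 0, 1, 0]               # X1..X8
SAMPLE_P = [0] * 8 + [1, 0, 1, 1, 0, 1, 1, 0]     # P1..P8 = 0, then P9..P16

if __name__ == "__main__":
    print("K1..K10:", derive_k_bits(SAMPLE_X, SAMPLE_P))
    print("distinct K vectors:", len(distinct_k_vectors()))
```

The enumeration finds 34 distinct K1..K10 vectors: K3..K10 are each a copy of K1 or K2, so the ten K bits carry far less than ten bits of key material.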

The churning transforms eight Y bits into eight Z bits:

(Z1..Z4) = TransformNibble(Y1..Y4, K1, P1, K3, K2, P2, K4, K1, K3, K5, K2, P4, K6)
(Z5..Z8) = TransformNibble(Y5..Y8, K1, P5, K7, K2, P6, K8, K1, P7, K9, K2, P8, K10)

Cryptanalysis

The cryptanalysis[1] showed the cipher to be effectively broken in more than one way:

Triple churning

Due to the extreme weakness of the churning cipher, PON systems frequently use the "triple churning" technique, in which three churning operations are combined with two XORs with adjacent data in the stream.

Patents

PMC Sierra holds patents on triple churning (U.S. Patent 7,646,870).

References

  1. Wave, Stephen Thomas; Thomas, Stephen; Wagner, David. Insecurity in ATM-based passive optical networks. IEEE International Conference on Communications (ICC 2002), Optical Networking Symposium. CiteSeerX 10.1.1.67.195.
This article is issued from Wikipedia - version of the 11/13/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.