54:
K1 = (X1×P13×P14) + (X2×P13×not P14) + (X7×not P13×P14) + (X8×not P13×not P14) K2 = (X3×P15×P16) + (X4×P15×not P16) + (X5×not P15×P16) + (X6×not P15×not P16) K3 = (K1×P9) + (K2×not P9) K4 = (K1×not P9) + (K2×P9) K5 = (K1×P10) + (K2×not P10) K6 = (K1×not P10) + (K2×P10) K7 = (K1×P11) + (K2×not P11) K8
100:
Due to extreme weakness of the churning cipher, PON systems frequently use the "triple churning" technique, where the three churning operations are combined with two XORs with adjacent data in the stream.
69:(Z1..Z4) = TransformNibble(Y1..Y4, K1, P1, K3, K2, P2, K4, K1, K3, K5, K2, P4, K6) (Z5..Z8) = TransformNibble(Y5..Y8, K1, P5, K7, K2, P6, K8, K1, P7, K9, K2, P8, K10)
127:
ITU-T Recommendation G.983.1. Broadband optical access systems based on
Passive Optical Networks (PON). 13 October 1998.
81:
the cipher pretends to be using a 24-bit key, but the effective key length is 8 bit, making a full search attack trivial
179:
20:
158:
23:
153:
36:
The standard states that churning "offers a low level of protection for data confidentiality".
152:. IEEE International Conference on Communications (ICC 2002), Optical Networking Symposium.
8:
85:
88:, churning is easily attacked using the standard attacks against this class of ciphers
77:
The cryptanalysis had shown the cipher to be effectively broken in more than one way:
55:= (K1×not P11) + (K2×P11) K9 = (K1×P12) + (K2×not P12) K10 = (K1×not P12) + (K2×P12)
91:
the churning function is entirely linear, so it can be broken using linear algebra.
114:
173:
37:
109:
19:
is an encryption function used to scramble downstream user data of the
48:
Churning uses 24 bits of the key, designated X1..X8 and P1..P16.
30:
27:
40:
had shown that "the churning cipher is robustly weak".
148:
Wave, Stephen Thomas; Thomas, Stephen; Wagner, David.
171:
150:Insecurity in ATM-based passive optical networks
51:Ten static K bits are generated from the key:
147:
157:
172:
143:
141:
13:
138:
112:holds patents on triple churning (
95:
14:
191:
72:
58:The churning transforms eight
1:
131:
43:
7:
10:
196:
121:
104:
24:passive optical network
26:system defined by the
115:U.S. patent 7,646,870
180:Broken block ciphers
86:substitution cipher
187:
164:
163:
161:
145:
117:
62:bits into eight
195:
194:
190:
189:
188:
186:
185:
184:
170:
169:
168:
167:
146:
139:
134:
124:
113:
107:
98:
96:Triple churning
75:
70:
65:
61:
56:
46:
12:
11:
5:
193:
183:
182:
166:
165:
136:
135:
133:
130:
129:
128:
123:
120:
106:
103:
97:
94:
93:
92:
89:
82:
74:
71:
68:
63:
59:
53:
45:
42:
9:
6:
4:
3:
2:
192:
181:
178:
177:
175:
160:
159:10.1.1.67.195
155:
151:
144:
142:
137:
126:
125:
119:
116:
111:
102:
90:
87:
83:
80:
79:
78:
73:Cryptanalysis
67:
52:
49:
41:
39:
38:Cryptanalysis
34:
33:.1 standard.
32:
29:
25:
22:
18:
149:
108:
99:
76:
57:
50:
47:
35:
16:
15:
132:References
110:PMC Sierra
154:CiteSeerX
44:Algorithm
174:Category
84:being a
17:Churning
122:Sources
105:Patents
156:
66:bits:
31:G.983
118:).
28:ITU
21:ATM
176::
140:^
162:.
64:Z
60:Y
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.