Implementation and Performance analysis of Skipjack & Rijndael Algorithms. by Viswnadham Sanku ECE646 Project Fall-2001
|
|
- Beverley Carr
- 6 years ago
- Views:
Transcription
1 Implementation and Performance analysis of Skipjack & Rijndael Algorithms by Viswnadham Sanku ECE646 Project Fall-2001
2 TABLE OF CONTENTS TABLE OF CONTENTS 2 1. OBJECTIVE 3 2. SKIPJACK CIPHER CIPHER OPERATIONS DESIGN PRINCIPLES CRYPTANALYSIS IMPLEMENTATION & TESTING 5 PKCS#5 PADDING OPTIMIZATION TECHNIQUES RESULTS 6 3. RIJNDAEL CIPHER CIPHER OPERATIONS DESIGN PRINCIPLES CRYPTANALYSIS IMPLEMENTATION & TESTING 11 PKCS#5 PADDING OPTIMIZATION TECHNIQUES RESULTS COMPARISION OF SKIPJACK VS RIJNDAEL PROBLEMS ENCOUNTERED CONCLUSIONS 15
3 1. OBJECTIVE The main objective of this project is to implement and analyze the performances of two efficient and secure secret-key block ciphers Skipjack and Rijndael. The purpose of doing this is to get a good insight into the working of secret-key ciphers and to explore better ways of implementation with the help of different optimization techniques. The ciphers are implemented on two different platforms, MS Visual C(Windows) and GNU C (Linux). Then speeds of operation on single block of data is measured using CPU clock cycles. Then the speeds achieved by my implementation is compared against different other implementations found in the public domain. A measure of diffusion is taken for each round of operation, to see how good the diffusio n is at different levels. Finally the two ciphers are compared against each other and the reasons for the differences in their performances are listed. 2. SKIPJACK CIPHER Skipjack is the secret key encryption algorithm designed by the NSA and is used in the Clipper chip and Fortezza PC card. It was implemented in tamper-resistant hardware and its structure had been classified since its introduction in Skipjack was unclassified on June 24 th, CIPHER OPERATIONS Skipjack is block cipher that uses 64-bit block size and 80-bit key. There are total 32 rounds in encryption and 32 rounds in decryption. Skipjack uses two different types of round functions, RuleA and RuleB for encryption and RuleA -1 and RuleB -1 for decryption. Encryption consists of 8 RuleA, and 8 RuleB, 8 RuleA and 8 RuleB rounds. Decryption consists of 8 RuleB -1, 8 RuleA -1, 8 RuleB -1 and 8 RuleA -1 rounds. The 64-bit block is internally divided into four 16-bit words. And in each round a keyed non-linear permutation is applied to one word from the block. Each of the 32 rounds uses 4 byte subkey. 10 byte key is repeated itself to make it 128 byte. G/G -1 permutation is applied to one word in each Rule. This G permutation uses a F table, which is a byte substitution table. The G permutation carries the linear operation of mixing the bytes and no-linear operation of substitution. ENCRYPTION 64 bits DECRYPTION 64 bits 8 Rounds (Rule A) 8 Rounds (Rule B -1 ) 8 Rounds (Rule B) 8 Rounds (Rule A -1 ) 8 Rounds (Rule A) 8 Rounds (Rule B -1 ) 8 Rounds (Rule B) 8 Rounds (Rule A -1 ) 64 bits 64 bits
4 RuleA RuleB G G Counter Counter RuleA -1 W1 W2 W 3 W4 RuleB -1 G -1 G -1 Counter Counter G Permutation G -1 Permutation g1(high) g2(low) g1(high) g2(low) CV 4k CV 4k3 F F CV 4k1 F F CV 4k2 CV4k2 CV 4k1 F F CV 4k3 F F CV 4k g1(high) g2(low) g1(high) g2(low)
5 2.2 DESIGN PRINCIPLES Symmetry. Skipjack encryption and decryption have the same symmetrical structure. This principle simplifies the task of implementation. And it ensures identical security against chosen plaintext and chosen ciphertext attacks. Not too much Symmetry. Symmetry sometimes allows for clever cryptanalytic attacks. In Skipjack symmetry is broken with round counters. round counters appear to prevent most attacks that attempt to exploit their symmetry, while retaining the equivalence between chosen-plaintext and chosen-ciphertext security against very large class of attacks. A Round before B Round. A rounds exhibit better diffusion than B rounds and hence makes it harder to peek deep inside the cipher rounds. So A rounds are used before B rounds in encryption direction. A -1 rounds exhibit weaker diffusion than B -1 rounds. So B -1 is used before A -1 in decryption direction. 8A, 8B Rounds. Any number of rounds less than 8 are vulnerable to cryptanalysis attacks, especially truncated differential cryptanalysis. 80-bit Key. With longer key size differential style attacks have lower complexity than exhaustive key search. Shorter keys are too weak to resist exhaustive key search. So 80-bit key length is an effective compromised key length. 2.3 CRYPTANALYSIS Bad interactions between the round-types, i.e A and B Rounds interact poorly where they are applied in consecutive rounds. Because of this the transitions between round types appear to reduce security. Less diffusion in B rounds and A -1 rounds A Round mixes the output of the G permutation to the input of the next G permutation, while Rule B mixes the input of a G permutation to the output of the previous G permutation, and thus during encryption the Rule B rounds add little to the avalanche effect, and during decryption Rule A rounds add little to the avalanche effect. A difference of one input bit in the F Table may cause a difference of only one bit in its output. Lars R. Knudsen, M.J.B. Robshaw, David Wagner, have shown that there are 24 round truncated differentials with probability 1, which can be extended to attacks on up to 28 rounds skipjack. Eli Biham had shown an attack on 31round skipjack using impossible differentials. 2.4 IMPLEMENTATION & TESTING This cipher is implemented under two platforms MS VC (Windows 350MHz Pentium II) and gnu C (Linux 500MHz Pentium III). Implemented is done for 5 different modes of operation ECB, CBC, CFB, OFB and CTR modes, all in 64-bit mode. Functions to carry out speed calculations in cpu clock cycle counts and functions that perform diffusion calculation are implemented. Testing procedures for Known Answer Tests that test the correctness of the implementation and Monte Carlo Tests that checks the modes of operation are also incorporated into the implementation.
6 PKCS#5 PADDING Since Skipjack operates on block of 64 bits, if the input data size is not a multiple of 64 then padding has to be done before encryption, to make the input size a multiple of 64. The padded bits are to be removed after decryption. PKCS#5 is the recommended padding technique used in Skipjack. Let n be the length in bytes of the input. Pad the input by appending 8 - (n mod 8) bytes to the end of the message, each having the value 8 - (n mod 8), the number of bytes being added. 2.5 OPTIMIZATION TECHNIQUES To optimize the speed used three different techniques. Operations on integers, except Gfunction. Since Integer oprations are faster than operations on other data types like short/long. Unrolling the rounds instead of using loops. #define macro substitutions. This reduces run-time overtime of function call. There are other possible techniques which I have not used in my implementation are With prior key knowledge, subkey table representing the Gpermutaion function ftable[inbyte ^ keybyte] Data movement can be minimized by rotating the names of variables w1,w2,w3, w4 instead of the contents of the words. 2.6 RESULTS The following graph shows the speeds of operation on a single block of data. And it can be seen that my implementation gave a better performance on VC than GNU C. This is because other implementation are optimized for GNU C while mine is optimized for VC platform.
7 The following graph shows the results of encryption and decryption speeds using clock cycle count and cpu time on a 51Mbytes size file. It is evident from the results that the speed dropped by 40%, as the file size is large and hence most the time is spent on file operations rather than cipher operations. Also the time difference between the usage of clock cycle count and cpu time is very small. The following graph shows the result of Monte Carlo Tests in two different modes ECB, MCT. This test carries out 400 x rounds of encryption and decryption on a single block of data. The following graph shows diffusion for encryption and decryption. It can be observed that the diffusion around 25% after the first round and 50% after 32 rounds.
8 3. RIJNDAEL CIPHER Rijndael is a block cipher designed Joan Daemen and Vincent Rijmen. This cipher is selected as proposed AES by NIST, and will probably be official sometime spring This is flexible key size and block size cipher. 3.1 CIPHER OPERATIONS Keys lengths of 128, 192, or 256 bits or more and blocks lengths of 128, 192 or 256 bits or more are supported. Block length and key length can be extended to multiples of 32 bits. Number of rounds depend on block and key lengths. Each round transformation is composed of four different transformation, ByteSub, ShiftRow, MixColumn and AddRoundKey, except the final round, which does not have MixColumn. Intermediate cipher result is called the State. Number of rounds is calculated using following formula. Number of rounds = Max(NB, NK) 6 NB = # of 32-bit blocks in input block NK = # of 32-bit blocks in key Rijndael operations uses Galois field arithmatic. Inverse ByteSub uses inverse S-box. Inverse ShiftRow shifted in other direction. For MixColumn c(x) = 03 x 3 01 x 2 01 x 02. For InverseMixColumn d(x) = 0B x 3 0d x 2 09 x 0E polynomials are used. Encryption 128/192/256 bit block 128/192/256 bit Round Transformation 128/192/256 bit block Key Addition round key ByteSub MAX(NB,NK) 4-1 Round Transformations ShiftRow MixColumn Final Transformation 128/192/256 bit cipher AddRoundKey 128/192/256 b round key Final Transformation 128/192/256 bit block ByteSub ShiftRow AddRoundKey 128/192/256 bit round key
9 Decryption 128/192/256 bit block 128/192/256 bit Inverse Round Transformation 128/192/256 bit block Key Addition inverse round key Inv ByteSub MAX(NB,NK) 4-1 Inv Round Transformations Inv ShiftRow Inv MixColumn Inv Final Transformation 128/192/256 bit cipher AddRoundKey 128/192/256 bi inverse round k Inverse Final Transformation 128/192/256 bit block Inv ByteSub Inv ShiftRow AddRoundKey 128/192/256 bit inverse round key
10 Key Expansion Key is expanded and used using the following rules. Expanded key size = NB * (NR1). Each round key consists of next NB 32-bit blocks taken from expanded key. Inverse round key is obtained by applying InvMixColumn to all Round Keys except the first and the last one One single round transformation is depicted as follows. 3.2 DESIGN PRINCIPLES Symmetry in encryption & decryption protects against choosen plaintext and chosen ciphertext attacks Linear-mixing layer (ShiftRow & MixColumn) which gaurentees high diffusion and Non-linear S-boxes. Protects against linear and differential cryptanalysis. Non-Feistel round transformation. 3.3 CRYPTANALYSIS Rijndael has adequate security margin, against linear and differential cryptanalysis, as well as other type of attacks Square attack can be used to break 7 rounds of the cipher Niels Ferguson showed attacks on 8 rounds of cipher for key sizes 192 & 256 bits
11 3.4 IMPLEMENTATION & TESTING This cipher is implemented under two platforms MS VC (Windows 350MHz Pentium II) and gnu C (Linux 500MHz Pentium III). Implemented to support block size of 128 bits and key sizes of 128/192/256 bits. Implementation is done for 5 different modes of operation ECB, CBC, CFB, OFB and CTR modes, all in 128-bit mode. Functions to carry out speed calculations in cpu clock cycle counts and functions that perform diffusion calculation are implemented. Testing procedures for Known Answer Tests that test the correctness of the implementation and Monte Carlo Tests that checks the modes of operation are also incorporated into the implementation. PKCS#5 PADDING Since Rijndael operates on block of say 128 bits, if the input data size is not a multiple of 128, then padding has to be done before encryption, to make the input size a multiple of 128. The padded bits are to be removed after decryption. PKCS#5 is the recommended padding technique used in Skipjack. Let n be the length in bytes of the input. Pad the input by appending 16 - (n mod 16) bytes to the end of the message, each having the value 16 - (n mod 16), the number of bytes being added. 3.5 OPTIMIZATION TECHNIQUES To optimize the speed used three different techniques. #define macro substitutions. This reduces run-time overtime of function call. Use pre calculated tables in place of (ByteSubShiftRowMixColumn) Transforms. These tables can be calculated as shown the diagram below. a0 b0 c0 d0 a1 b1 c1 d1 a2 b2 c2 d2 a3 b3 c3 0 d3 S-box A0 B0 C0 D0 A1 B1 C1 D1 A2 B2 C2 D2 A3 B3 C3 0 D3 Shift A0 B0 C0 D0 B1 C1 D1 A1 C2 D2 A2 B2 D3 A3 B3 0 C3 M i x 2A0 ^ 3B1 ^ C2 ^ D3 A0 ^ 2B1 ^ 3C2 ^ D3 A0 ^ B1 ^ 2C2 ^ 3D3 3A0 ^ B1 ^ C2 ^ 2D3 Table1 = S(2X) S(X) S(X) S(3X) Table1
12 3.6 RESULTS The following graph shows the speeds of operation on a single block of data. And it can be seen that my implementation gave a better performance than Rijmen implementation and less than Gladman performance on VC. On Gnu C it is Rijmen's that is better than mine. This is because Rijmen's implementation is optimized for GNU C while mine is optimized for VC platform. The following graphs show the key setup cycles. On VC the cycle count for my implementation and Rijmen's show total cycles for set up of encryption and decryption keys. But Gladman uses only one key setup. On Gnu C, since I could not able to get clock cycle count, used cpu time and measured the key setup speed for different key sizes.
13 The following graph shows the results of encryption and decryption speeds using clock cycle count and cpu time on a 51Mbytes size file. It is evident from the results that the speed dropped by 40%, as the file size is large and hence most the time is spent on file operations rather than cipher operations. Also the time difference between the usage of clock cycle count and cpu time is very small. The following graph shows the result of Monte Carlo Tests in two different modes ECB, MCT. This test carries out 400 x rounds of encryption and decryption on a single block of data.
14 The following graph shows diffusion for encryption and decryption. It can be observed that the diffusion of only 4 bits out of 128 after the first round in encryption. This only happens for 128 bit key for other keys the diffusion is around 50% in the first round itself. Also the diffusion in each round is around 50%. This indicates a very good diffusion. 4. COMPARISION OF SKIPJACK VS RIJNDAEL The Best possible speeds I could able to achieve for Skipjack = 9 Mhz and Rijndael = 27 Mhz (128 bit block&key). This clearly indicates that Rijndael is many times faster than Skipjack. Major contribution to the differen ce is the number of rounds (skipjack = 32, Rijndael = 10) and then the round transformation tables used in Rijndael. Skipjack G permutation is applied to one 16-bit word in each round. While Rindael round transformation (ByteSubShiftMix) is applied to every byte of the block, and hence gaurentees a very good diffusion. Rijndael has pretty good security margin compared to Skipjack. 5. PROBLEMS ENCOUNTERED Clock cycle counter code would not work with MSVC, because the code used constants CPUID, RDTSC, which the compiler can not understand. Instead they have to be force fed to the compiler using _emit instruction along with the opcode.
15 double cycles(void) { unsigned long hi,lo; asm { _emit 0x60 //PUSHAD: Save all registers _emit 0x0f _emit 0xa2 //CPUID: Serialize instruction execution _emit 0x0f _emit 0x31 //RDTSC: Read clock cycle count into A,D mov lo,eax mov hi,edx //Get values from A,D registers _emit 0x61 } //POPAD: Restore the registers return * hi lo; // 2^32 * hi lo } Though the constants CPUID, RDTSC works with GNU C compiler, the count is not returning proper cycle count values. So I had to depend on the absolute time functions. I Could not able to figure it out Yet. 6. CONCLUSIONS Rijndael is more flexible cipher than skipjack since Rijndael supports different block sizes and different key sizes, while Skipjack supports only 64 bit block and 80 bit key. Rijndael is more secure than Skipjack, since the minimum key size in Rijndael is 128 bit while that in skipjack is 80 bit. Rijndael yields greater speeds than skipjack with proper optimized implementations. To implement a cipher it is very important to analyze the cipher. So that the implementation can be optimized to yield far better performances than the straight forward implementation. The speed of the cipher depends on complier as well. Same implementation may yield widely varied performances on different platforms. Although diffusion and security margin may not say anything about how secure the cipher is, but they are important in the analysis of the cipher. - End of Report -
Implementation and Performance analysis of Skipjack & Rijndael Algorithms
Implementation and Performance analysis of Skipjack & Rijndael Algorithms By Viswanadham Sanku 1 Topics Skipjack cipher operations Design principles & cryptanalysis Implementation & optimization Results
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationLecture 4. Encryption Continued... Data Encryption Standard (DES)
Lecture 4 Encryption Continued... 1 Data Encryption Standard (DES) 64 bit input block 64 bit output block 16 rounds 64 (effective 56) bit key Key schedule computed at startup Aimed at bulk data >16 rounds
More informationLecture 5. Encryption Continued... Why not 2-DES?
Lecture 5 Encryption Continued... 1 Why not 2-DES? 2DES: C = DES ( K1, DES ( K2, P ) ) Seems to be hard to break by brute force, approx. 2 111 trials Assume Eve is trying to break 2DES and has a single
More informationLecture 2: Secret Key Cryptography
T-79.159 Cryptography and Data Security Lecture 2: Secret Key Cryptography Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi 1 Reminder: Communication Model Adversary Eve Cipher, Encryption
More informationWeek 5: Advanced Encryption Standard. Click
Week 5: Advanced Encryption Standard Click http://www.nist.gov/aes 1 History of AES Calendar 1997 : Call For AES Candidate Algorithms by NIST 128-bit Block cipher 128/192/256-bit keys Worldwide-royalty
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationPrivate-Key Encryption
Private-Key Encryption Ali El Kaafarani Mathematical Institute Oxford University 1 of 50 Outline 1 Block Ciphers 2 The Data Encryption Standard (DES) 3 The Advanced Encryption Standard (AES) 4 Attacks
More informationBlock Ciphers Introduction
Technicalities Block Models Block Ciphers Introduction Orr Dunkelman Computer Science Department University of Haifa, Israel March 10th, 2013 Orr Dunkelman Cryptanalysis of Block Ciphers Seminar Introduction
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and
More informationSecret Key Cryptography
Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would
More informationAES Advanced Encryption Standard
AES Advanced Encryption Standard AES is iterated block cipher that supports block sizes of 128-bits and key sizes of 128, 192, and 256 bits. The AES finalist candidate algorithms were MARS, RC6, Rijndael,
More informationA High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm
A High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm N. M. Kosaraju, M. Varanasi & Saraju P. Mohanty VLSI Design and CAD Laboratory Homepage: http://www.vdcl.cse.unt.edu
More informationFew Other Cryptanalytic Techniques
Few Other Cryptanalytic Techniques Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Boomerang Attack
More informationCENG 520 Lecture Note III
CENG 520 Lecture Note III Symmetric Ciphers block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 5 Advanced Encryption Standard Advance Encryption Standard Topics Origin of AES Basic AES Inside Algorithm Final Notes Origins
More informationin a 4 4 matrix of bytes. Every round except for the last consists of 4 transformations: 1. ByteSubstitution - a single non-linear transformation is a
Cryptanalysis of Reduced Variants of Rijndael Eli Biham Λ Nathan Keller y Abstract Rijndael was submitted to the AES selection process, and was later selected as one of the five finalists from which one
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationCIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)
CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationCSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationImplementation of the block cipher Rijndael using Altera FPGA
Regular paper Implementation of the block cipher Rijndael using Altera FPGA Piotr Mroczkowski Abstract A short description of the block cipher Rijndael is presented. Hardware implementation by means of
More informationBlock Ciphers and Stream Ciphers. Block Ciphers. Stream Ciphers. Block Ciphers
Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2... M N. Then, each block M i is encrypted to the ciphertext block C i = K (M i ), and
More informationCS Network Security. Module 6 Private Key Cryptography
CS 393 - Network Security Module 6 Private ey Cryptography Data Encryption Encryption is the process of encoding a message such that its meaning is not obvious. Decryption is the reverse process, ie, transforming
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?
More informationL3: Basic Cryptography II. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L3: Basic Cryptography II Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 8/29/2016 CSCI 451 -Fall 2016 1 Acknowledgement Many slides are from or
More informationSymmetric Key Cryptography
Symmetric Key Cryptography Michael Huth M.Huth@doc.ic.ac.uk www.doc.ic.ac.uk/~mrh/430/ Symmetric Key Cryptography (3.1) Introduction Also known as SECRET KEY, SINGLE KEY, PRIVATE KEY Sender and Receiver
More informationCourse Business. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Allowed to bring one index card (double sided) Location: Right here
Course Business Midterm is on March 1 Allowed to bring one index card (double sided) Final Exam is Monday, May 1 (7 PM) Location: Right here 1 Cryptography CS 555 Topic 18: AES, Differential Cryptanalysis,
More informationL3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015
L3. An Introduction to Block Ciphers Rocky K. C. Chang, 29 January 2015 Outline Product and iterated ciphers A simple substitution-permutation network DES and AES Modes of operations Cipher block chaining
More informationENEE 459-C Computer Security. Symmetric key encryption in practice: DES and AES algorithms
ENEE 459-C Computer Security Symmetric key encryption in practice: DES and AES algorithms A perfect encryption of a block Say you have a block of n bits You want to encrypt it You want to use the same
More informationSymmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.
Symmetric Key Encryption Symmetric Key Encryption and 3- Tom Chothia Computer Security: Lecture 2 Padding Block cipher modes Advanced Encryption Standard ( AES ) AES is a state-of-the-art block cipher.
More informationSymmetric Encryption. Thierry Sans
Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion
More informationPart XII. From theory to practice in cryptography
Part XII From theory to practice in cryptography FROM CRYPTO-THEORY to CRYPTO-PRACTICE FROM CRYPTO-THEORY to CRYPTO-PRACTICE In this chapter we deal with several applied cryptography methods, systems and
More informationpage 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas
Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher
More informationFundamentals of Cryptography
Fundamentals of Cryptography Topics in Quantum-Safe Cryptography June 23, 2016 Part III Data Encryption Standard The Feistel network design m m 0 m 1 f k 1 1 m m 1 2 f k 2 2 DES uses a Feistel network
More informationAttacks on Advanced Encryption Standard: Results and Perspectives
Attacks on Advanced Encryption Standard: Results and Perspectives Dmitry Microsoft Research 29 February 2012 Design Cryptanalysis history Advanced Encryption Standard Design Cryptanalysis history AES 2
More informationCS 392/681 Computer Security. Module 1 Private Key Cryptography
CS 392/681 Computer Security Module 1 Private Key Cryptography Logistics Office hours Thursday 3 to 5 (tentative). Lab 0 due today. Lab 1 assigned. Due next Thursday!! ISIS is still unstable. Will fix
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5 January 23, 2012 CPSC 467b, Lecture 5 1/35 Advanced Encryption Standard AES Alternatives CPSC 467b,
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 6: Advanced Encryption Standard (AES) Ion Petre Department of IT, Åbo Akademi University 1 Origin of AES 1999: NIST
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5a January 29, 2013 CPSC 467b, Lecture 5a 1/37 Advanced Encryption Standard AES Alternatives CPSC 467b,
More informationCryptography and Network Security
Cryptography and Network Security CRYPTOGRAPHY AND NETWORK SECURITY PRAKASH C. GUPTA Former Head Department of Information Technology Maharashtra Institute of Technology Pune Delhi-110092 2015 CRYPTOGRAPHY
More informationChapter 7 Advanced Encryption Standard (AES) 7.1
Chapter 7 Advanced Encryption Standard (AES) 7.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 7 Objectives To review a short history of AES To define
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 7 September 23, 2015 CPSC 467, Lecture 7 1/1 Advanced Encryption Standard AES Alternatives CPSC 467,
More informationCryptography III: Symmetric Ciphers
Cryptography III: Symmetric Ciphers Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 14th February 2008 Outline Stream ciphers Block ciphers DES and Rijndael Summary
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationEnhanced Cryptanalysis of Substitution Cipher Chaining mode (SCC-128)
Enhanced Cryptanalysis of Substitution Cipher Chaining mode (SCC-128) Mohamed Abo El-Fotouh and Klaus Diepold Institute for Data Processing (LDV) Technische Universität München (TUM) 80333 Munich Germany
More informationModern Symmetric Block cipher
Modern Symmetric Block cipher 81 Shannon's Guide to Good Ciphers Amount of secrecy should determine amount of labour appropriate for encryption and decryption The set of keys and enciphering algorithm
More informationBlock Ciphers and Data Encryption Standard. CSS Security and Cryptography
Block Ciphers and Data Encryption Standard CSS 322 - Security and Cryptography Contents Block Cipher Principles Feistel Structure for Block Ciphers DES Simplified DES Real DES DES Design Issues CSS 322
More informationBlock Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1
Block Ciphers Lucifer, DES, RC5, AES CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk Block Ciphers 1 ... Block Ciphers & S-P Networks Block Ciphers: Substitution ciphers
More informationSymmetric key cryptography
The best system is to use a simple, well understood algorithm which relies on the security of a key rather than the algorithm itself. This means if anybody steals a key, you could just roll another and
More informationChap. 3. Symmetric Key Crypto (Block Ciphers)
Introduction to SW Security Chap. 3. Symmetric Key Crypto (Block Ciphers) Spring, 28 Cho, Seong-je ( 조성제 ) sjcho at dankook.ac.kr Many slides taken from Textbook (Its site), and Web sites Textbook M. T.
More informationThe NSA's Role In Computer Security. Adrien Cheval Joe Willage
The NSA's Role In Computer Security Adrien Cheval Joe Willage Introduction NSA was created in 1952 Located in Ft. Meade, Maryland Cryptographic intelligence agency of the U.S. government Part of the Department
More informationP2_L6 Symmetric Encryption Page 1
P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,
More informationComparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware
Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware Master s Thesis Pawel Chodowiec MS CpE Candidate, ECE George Mason University Advisor: Dr. Kris Gaj, ECE George
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 4 The Advanced Encryption Standard (AES) Israel Koren ECE597/697 Koren Part.4.1
More informationSymmetric Encryption Algorithms
Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm
More informationSecret Key Cryptography
Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationSymmetric Cryptography. Chapter 6
Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream
More informationOptimized AES Algorithm Using FeedBack Architecture Chintan Raval 1, Maitrey Patel 2, Bhargav Tarpara 3 1, 2,
Optimized AES Algorithm Using FeedBack Architecture Chintan Raval 1, Maitrey Patel 2, Bhargav Tarpara 3 1, 2, Pursuing M.Tech., VLSI, U.V.Patel college of Engineering and Technology, Kherva, Mehsana, India
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationEncryption Details COMP620
Encryption Details COMP620 Encryption is a powerful defensive weapon for free people. It offers a technical guarantee of privacy, regardless of who is running the government It s hard to think of a more
More informationBlock Ciphers. Advanced Encryption Standard (AES)
Network Security - ISA 656 Angelos Stavrou September 28, 2008 Codes vs. K = {0, 1} l P = {0, 1} m C = {0, 1} n, C C E : P K C D : C K P p P, k K : D(E(p, k), k) = p It is infeasible to find F : P C K Let
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationDesign and Implementation of Rijndael Encryption Algorithm Based on FPGA
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 2, Issue. 9, September 2013,
More informationCSc 466/566. Computer Security. 6 : Cryptography Symmetric Key
1/56 CSc 466/566 Computer Security 6 : Cryptography Symmetric Key Version: 2012/02/22 16:14:16 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian Collberg
More informationUNIT - II Traditional Symmetric-Key Ciphers. Cryptography & Network Security - Behrouz A. Forouzan
UNIT - II Traditional Symmetric-Key Ciphers 1 Objectives To define the terms and the concepts of symmetric key ciphers To emphasize the two categories of traditional ciphers: substitution and transposition
More informationImplementing AES : performance and security challenges
Implementing AES 2000-2010: performance and security challenges Emilia Käsper Katholieke Universiteit Leuven SPEED-CC Berlin, October 2009 Emilia Käsper Implementing AES 2000-2010 1/ 31 1 The AES Performance
More information6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationCryptography III: Symmetric Ciphers
Cryptography III: Symmetric Ciphers Computer Security Lecture 4 David Aspinall School of Informatics University of Edinburgh 26th January 2012 Outline Stream ciphers Block ciphers DES and Rijndael Summary
More information7. Symmetric encryption. symmetric cryptography 1
CIS 5371 Cryptography 7. Symmetric encryption symmetric cryptography 1 Cryptographic systems Cryptosystem: t (MCKK GED) (M,C,K,K,G,E,D) M, plaintext message space C, ciphertext message space K, K, encryption
More informationBlock Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan
Block Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan Block ciphers Keyed, invertible Large key space, large block size A block of plaintext is treated as a whole and used
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationHOST Cryptography III ECE 525 ECE UNM 1 (1/18/18)
AES Block Cipher Blockciphers are central tool in the design of protocols for shared-key cryptography What is a blockcipher? It is a function E of parameters k and n that maps { 0, 1} k { 0, 1} n { 0,
More informationLecture 3: Symmetric Key Encryption
Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07
More informationNetwork Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar
Network Security Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Modern Block Ciphers now look at modern block ciphers one of the most widely used types
More informationFPGA Based Design of AES with Masked S-Box for Enhanced Security
International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 3 Issue 5ǁ May 2014 ǁ PP.01-07 FPGA Based Design of AES with Masked S-Box for Enhanced Security
More informationCrypto: Symmetric-Key Cryptography
Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three
More informationComp527 status items. Crypto Protocols, part 2 Crypto primitives. Bart Preneel July Install the smart card software. Today
Comp527 status items Crypto Protocols, part 2 Crypto primitives Today s talk includes slides from: Bart Preneel, Jonathan Millen, and Dan Wallach Install the smart card software Bring CDs back to Dan s
More informationThe Rectangle Attack
The Rectangle Attack and Other Techniques for Cryptanalysis of Block Ciphers Orr Dunkelman Computer Science Dept. Technion joint work with Eli Biham and Nathan Keller Topics Block Ciphers Cryptanalysis
More informationJaap van Ginkel Security of Systems and Networks
Jaap van Ginkel Security of Systems and Networks November 4, 2013 Part 4 Modern Crypto Block Ciphers (Iterated) Block Cipher Plaintext and ciphertext consist of fixed-sized blocks Ciphertext obtained from
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2018 Previously on COS 433 Confusion/Diffusion Paradigm f 1 f 2 f 3 f 4 f 5 f 6 Round π 1 f 7 f 8 f 9 f 10 f 11 f 12 π 2 Substitution
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationUnderstanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009
Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 29 These slides were prepared by Daehyun Strobel, Christof
More informationFPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM
FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM P. Aatheeswaran 1, Dr.R.Suresh Babu 2 PG Scholar, Department of ECE, Jaya Engineering College, Chennai, Tamilnadu, India 1 Associate
More informationSymmetric Key Cryptography
Symmetric Key Cryptography Jooyoung Lee School of Computing (GSIS), KAIST Outline 1. Introduction to Symmetric Key Crypto 2. Stream Ciphers 3. Block Ciphers 3.1 DES 3.2 AES 3.3 Modes of Operations 3.4
More informationArea Optimization in Masked Advanced Encryption Standard
IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 04, Issue 06 (June. 2014), V1 PP 25-29 www.iosrjen.org Area Optimization in Masked Advanced Encryption Standard R.Vijayabhasker,
More information3 Symmetric Cryptography
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption
More informationNetwork Security Essentials
Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science
More informationGoals for Today. Substitution Permutation Ciphers. Substitution Permutation stages. Encryption Details 8/24/2010
Encryption Details COMP620 Goals for Today Understand how some of the most common encryption algorithms operate Learn about some new potential encryption systems Substitution Permutation Ciphers A Substitution
More informationBlock Ciphers. Secure Software Systems
1 Block Ciphers 2 Block Cipher Encryption function E C = E(k, P) Decryption function D P = D(k, C) Symmetric-key encryption Same key is used for both encryption and decryption Operates not bit-by-bit but
More informationVLSI Implementation of Advanced Encryption Standard using Rijndael Algorithm
VLSI Implementation of Advanced Encryption Standard using Rijndael Algorithm Aditya Agarwal Assistant Professor, Electronics and Communication Engineering SRM University, NCR Campus, Ghaziabad, India ABSTRACT
More informationCSC574: Computer & Network Security
CSC574: Computer & Network Security Lecture 3 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Modern Cryptography 2 Kerckhoffs Principles Modern cryptosystems
More information