IDEA, RC5. Modes of operation of block ciphers
|
|
- Phillip Carson
- 5 years ago
- Views:
Transcription
1 C Lecture 8 IDA, RC5 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, 7.6 IDA RC Modes of Operation
2 IDA IDA X. Lai, J. Massey TH, bit key (billion machines each checking billion keys per second still would require 10 trillion years, to check all keys used in PGP (Pretty Good Privacy) - the most popular public domain program for secure constructed to provide an absolute resistance against differential cryptanalysis
3 Three basic operations: IDA X X X Y = X Y = X + mod 2 16 Y = X mod ( ) where 0 represents 2 16 Corresponding inverse operations: Y Y Y - -1 X = Y X = Y+(- ) mod 2 16 X = Y -1 mod ( ) Half-round of IDA: Transformation Forward transformation: X a X b X c X d a b c d Y a Y b Y c Y d Inverse transformation: Y a Y b Y c Y d -1 a - c - b -1 d X a X b X c X d
4 Half-round of IDA: Sub-encryption Forward transformation X a X b X c X d W in = X a X b V in = X c X d MANGLR FUNCTION e f W out V out Y a = X a W out Y b = X b W out Y c = X c V out Y d = X d V out Half-round of IDA: Sub-encryption Inverse transformation Y a Y b Y c Y d W in = X a X b V in = X c X d MANGLR FUNCTION e f W out V out X a = Y a W out Y b = Y b W out X c = Y c V out X d = Y d V out
5 IDA Mangler Function W in V in e f W out V out
6 IDA - ey Scheduling 128 bit Z 1 Z 2 Z 3 Z 4 Z 5 Z 6 Z 7 Z 8 Rotate 25 positions left Z 9 Z 10 Z 11 Z 12 Z 13 Z 14 Z 15 Z 16 Rotate 25 positions left RC5
7 RC5 Ron Rivest, MIT, 1994 (Ron s Code 5, Rivest s Cipher 5) variable key length (40 bits in the former export version, 128 bits to achieve the same strength as IDA) variable block size (depends on the processor word length) variable number of rounds (determines resistance to linear and differential cryptanalysis; for 9 rounds this resistance is greater than for DS) simplicity of description Basic operations: Rotation by a variable number of bits RC5 One of the fastest ciphers B w A w A<<<B C w C=A<<<B w Addition modulo 2 w where w is the size of operands A and B + A B C C = A + B mod 2 w
8 RC5 w/r/b w - word size in bits w = 16, 32, 64 input/output block = 2 words = 2 w bits Typical value: w=32 64-bit input/output block r - number of rounds b - key size in bytes key size in bits = 8 b bits 0 b 255 Recommended version: RC5 32/12/16 64 bit block 12 rounds 128 bit key ncryption RC5 Decryption Split M into two halves A and B A = A + S[0] B = B + S[1] for i= 1 to r do { A= ((A B) <<< B) + S[2i] B= ((B A) <<< A) + S[2i+1] } C= A B Split C into two halves A and B for i= r downto 1 do { B= ((B-S[2i+1]) >>> A) A A= ((A - S[2i])>>>B) B } B = B - S[1] A = A - S[0] M= A B
9 RC5 - ey Scheduling k bits of the main key 2 r + 2 round keys = (2 r + 2 ) w bits Two magic constants: P w = Odd ((e-2) 2 w ) Q w = Odd ((ϕ-1) 2 w ) ϕ - golden ratio = e - base of natural logarithms e = x-y x y x y = y x-y = RC5 ey Scheduling
10 RC5 - ey Scheduling Initialize and Convert Initialize S[0] = P w for i=1 to t-1 do S[i] = S[i-1] + Q w Convert for i=0 to c-1 do L[i] = 0; t = 2 r b c = w Copy key bits directly to the memory positions represented by L. RC5 - ey Scheduling Mix Mix i = j = 0 A = B = 0 do 3 max{t, c} times { A = S[i] = (S[i] + A + B) <<< 3 B = L[j] = (L[j] + A + B) <<< (A+B) i = (i+1) mod t j = (j+1) mod c }
11 RC5 - Resistance to differential and linear cryptanalysis Plaintext requirement # rounds Differential Cryptanalysis Linear Cryptanalysis > >2 64 Differential cryptanalysis cannot be applied to RC5 with #rounds 13 Linear cryptanalysis cannot be applied to RC5 with #rounds 7 Resistance of modern ciphers against known attacks Proprietary ciphers built into application software mostly insecure, seconds on a PC Propriatery ciphers with unknown specification uncertain, may be hard to verify Past 40-bit international version eys recoverable in less than of ciphers one hour using a small network of computers worth less than $10,000 DS Triple DS, DSX, RC5 eys can be recovered within 24 hours using a specialized machine based on FPGAs worth less than $100,000 All known attacks impractical
12 State of research regarding the security of secret-key ciphers limited number of researchers actively involved in cryptanalysis and design of new ciphers number of published ciphers > number of researchers evaluations of the cipher strength given by designers typically unreliable Honest cipher = the best known attack is an exhaustive key search attack One can rely only on ciphers analyzed by a large group of qualified researchers Modes of Operation
13 Block vs. stream ciphers M 1, M 2,, M n m 1, m 2,, m n Block cipher Internal state - IS Stream cipher C 1, C 2,, C n c 1, c 2,, c n C i =f (M i ) c i = f (m i, IS i ) IS i+1 =g (m i, IS i ) very block of ciphertext is a function of only one corresponding block of plaintext very block of ciphertext is a function of the current block of plaintext and the current internal state of the cipher Typical stream cipher Sender key initialization vector (seed) Receiver key initialization vector (seed) Pseudorandom ey Generator Pseudorandom ey Generator k i keystream k i keystream m i plaintext c i ciphertext c i ciphertext m i plaintext
14 Standard modes of operation of block ciphers Block ciphers Stream ciphers CB mode Counter mode OFB mode CFB mode CBC mode CB (lectronic CodeBook) mode
15 lectronic CodeBook Mode CB ncryption M 1 M 2 M 3 M N-1 M N C 1 C 2 C 3 C N-1 C N C i = (M i ) for i=1..n lectronic CodeBook Mode CB Decryption C 1 C 2 C 3 C N-1 C N D D D D D M 1 M 2 M 3 M N-1 M N C i = (M i ) for i=1..n
16 Criteria for Comparison of Modes of Operation hiding repeating message blocks speed capability for parallel processing and pipelining during encryption / decryption use of block cipher operations (encryption only or both) capability for preprocessing during encryption / decryption capability for random access for the purpose of reading / writing number of plaintext and ciphertext blocks required for exhaustive key search error propagation in the message after modifying / deleting one block / byte / bit of the corresponding ciphertext Block Cipher Modes of Operation Basic Features (1) Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining CB CTR OFB CFB CBC Cipher operations Preprocessing Random access
17 Block Cipher Modes of Operation Basic Features (2) CB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed rror propagation in the decrypted message Modification of j-bits Deletion of j bits Integrity Counter Mode
18 Counter Mode - CTR ncryption IV IV+1 IV+2 IV+N-2 IV+N-1 k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c i = m i k i k i = (IV+i-1) for i=1..n Counter Mode - CTR Decryption IV IV+1 IV+2 IV+N-2 IV+N-1 k 1 k 2 k 3 k N-1 k N c 1 c 2 c 3 c N-1 c N m 1 m 2 m 3 m N-1 m N m i = c i k i k i = (IV+i-1) for i=1..n
19 IV Counter Mode - CTR IV counter counter 1 L 1 L IN IN OUT 1 L OUT 1 L c i c i IS 1 = IV m i m i c i = (IS i ) m i IS i+1 = IS i +1 m 1 m 2 m 3 J-bit Counter Mode - CTR IV IV+1 IV+2 IV+N-2 IV+N-1 j k 1 k 2 k 3 k N-1 k N j j j j j j j j j m N-1 m j N j j j j c 1 c 2 c 3 c N-1 c N c i = m i k i k i = (IV+i-1)[1..j] for i=1..n
20 IV J-bit Counter Mode - CTR IV counter counter 1 L 1 L IN IN OUT OUT j bits L-j bits j bits L-j bits 1 j L 1 j L c i c i m i m i OFB (Output FeedBack) Mode
21 IV Output Feedback Mode - OFB ncryption k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c i = m i k i k i = (k i-1 ) for i=1..n, and k 0 = IV IV Output Feedback Mode - OFB Decryption k 1 k 2 k 3 k N-1 k N c 1 c 2 c 3 c N-1 c N m 1 m 2 m 3 m N-1 m N m i = c i k i k i = (k i-1 ) for i=1..n, and k 0 = IV
22 Output Feedback Mode - OFB IV IV 1 L 1 L IN IN OUT 1 L IS 1 = IV c i = (IS i ) m i IS i+1 = (IS i ) OUT 1 L c i c i m i m i J-bit Output Feedback Mode - OFB IV shift shift IV L-j bits j bits L-j bits j bits 1 L-j L 1 L-j L IN IN OUT j bits L-j bits OUT j bits L-j bits 1 j L 1 j L c i c i m i m i
23 CFB (Cipher FeedBack) Mode IV Cipher Feedback Mode - CFB ncryption k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c i = m i k i k i = (c i-1 ) for i=1..n, and c 0 = IV
24 IV Cipher Feedback Mode - CFB Decryption k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N m i = c i k i k i = (c i-1 ) for i=1..n, and c 0 = IV Cipher Feedback Mode - CFB IV IV 1 L 1 L IN IN IS 1 = IV OUT 1 L c i = (IS i ) m i IS i+1 = c i OUT 1 L c i c i m i m i
25 shift J-bit Cipher Feedback Mode - CFB IV shift L-j bits j bits L-j bits j bits 1 L-j L 1 L-j L IV IN IN OUT j bits L-j bits OUT j bits L-j bits 1 j L 1 j L c i c i m i m i CBC (Cipher Block Chaining) Mode
26 Cipher Block Chaining Mode - CBC ncryption IV m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c i = (m i c i-1 ) for i=1..n c 0 =IV Cipher Block Chaining Mode - CBC Decryption c 1 c 2 c 3 c N-1 c N IV D D D D D m 1 m 2 m 3 m N-1 m N m i = D (c i ) c i-1 for i=1..n c 0 =IV
27 Comparison among various modes Block Cipher Modes of Operation Basic Features (1) Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining Cipher operations Preprocessing Random access CB CTR OFB CFB CBC No Yes Yes Yes Yes s CB s CB j/l s CB j/l s CB s CB ncryption and decryption ncryption and decryption ncryption and decryption ncryption only None ncryption only Decryption only ncryption only Decryption only ncryption and decryption No Yes Yes No No R/W R/W No R only R only
28 Block Cipher Modes of Operation Basic Features (2) CB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed 1 plaintext block, 1 ciphertext block 1 plaintext block, 1 ciphertext block 2 plaintext blocks, 2 ciphertext blocks (for j=l) 1 plaintext block, 2 ciphertext blocks (for j=l) 1 plaintext block, 2 ciphertext blocks rror propagation in the decrypted message Modification of j-bits Deletion of j bits Integrity L bits j bits j bits L+j bits L+j bits Current and all subsequent Current and all subsequent Current and all subsequent L bits Current and all subsequent No No No No No New modes of operation
29 valuation Criteria for Modes of Operation Security fficiency Functionality Security valuation criteria (1) fficiency resistance to attacks proof of security random properties of the ciphertext number of calls of the block cipher capability for parallel processing memory/area requirements initialization time capability for preprocessing
30 valuation criteria (2) Functionality security services - confidentiality, integrity, authentication flexibility - variable lengths of blocks and keys - different amount of precomputations - requirements on the length of the message vulnerability to implementation errors requirements on the amount of keys, initialization vectors, random numbers, etc. error propagation and the capability for resynchronization patent restrictions CBC IV m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N Problems: - No parallel processing of blocks from the same packet - No speed-up by preprocessing - No integrity or authentication
31 Counter mode IV IV+1 IV+2 IV+N-1 IV+N k 0 k 1 k 2 k N-1 k N m 0 m 1 m 2 m N-1 m N c 0 c 1 c 2 c N-1 c N Features: + Potential for parallel processing + Speed-up by preprocessing - No integrity or authentication Properties of existing and new cipher modes Proof of security CBC CFB OFB New standard Parallel processing Preprocessing Integrity and authentication Resistance to implementation errors decryption only
32 OCB - Offset Codebook Mode IV 0 M 1 M 2 M N-1 M N Control sum length Z 1 Z 2 Z N-1 g(l) Z N Z N L Z 1 Z 2 Z N-1 M N τ bits R C 1 C 2 C N-1 C N T Z i =f(l, R, i) New modes of block ciphers 1. CCM - Counter with CBC-MAC developed by R. Housley, D. Whiting, N. Ferguson in 2002 assures simultaneous confidentiality and authentication not covered by any patent part of the I i standard for wireless networks 2. GCM Galois/Counter Mode developed by D. McGrew and J. Viega in 2005 assures simultaneous confidentiality and authentication not covered by any patent used in the I 802.1A (MACsec) thernet security, ANSI (INCITS) Fibre Channel Security Protocols (FC-SP), I P tape storage, and ITF IPSec standards
33 Properties of new modes of operation CBC CFB OFB CTR CCM GCM Proof of security Parallel processing only decryption Half of operations Preprocessing Integrity and authentication Half of Half of operations operations Resistance to implementation errors FIPS standards: Modes of operation of block ciphers Timeline CBC, CFB, OFB, CB FIPS 81 (for DS) CTR (counter mode) Dec For arbitrary block cipher CCM May 2004 GCM SP A SP A SP B SP D Nov 2007 Contests: Apr NIST 10 modes submitted to the contest (including, CTR, OCB, IACBC, IAPM) Patent issues. Attacks: Aug DCM mode developed by NSA several days after the publication
ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:
C 646 Lecture 7 Modes of Operation of Block Ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van Oorschot,
More informationECE 646 Lecture 8. Modes of operation of block ciphers
ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.
More informationDouble-DES, Triple-DES & Modes of Operation
Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES
More informationECE 646 Lecture 7. Data Encryption Standard DES. Secret-Key Ciphers. Secret agreement between IBM & NSA, 1974
C 646 Lecture 7 Secret-Key Ciphers Data Standard DS NBS public request for a standard cryptographic algorithm May 15, 1973, August 27, 1974 The algorithm must be: secure public - completely specified -
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationECE 646 Lecture 7. Secret-Key Ciphers. Data Encryption Standard DES
ECE 646 Lecture 7 Secret-Key Ciphers Data Encryption Standard DES 1 NBS public request for a standard cryptographic algorithm May 15, 1973, August 27, 1974 The algorithm must be: secure public - completely
More informationChapter 6 Contemporary Symmetric Ciphers
Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and
More informationLecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram
Lecture 2B RTL Design Methodology Transition from Pseudocode & Interface to a Corresponding Block Diagram Structure of a Typical Digital Data Inputs Datapath (Execution Unit) Data Outputs System Control
More informationSymmetric Encryption. Thierry Sans
Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion
More informationIntroduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function
More informationSymmetric Encryption Algorithms
Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More information6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationBlock Cipher Operation. CS 6313 Fall ASU
Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationCENG 520 Lecture Note III
CENG 520 Lecture Note III Symmetric Ciphers block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process
More informationECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University
ECE 545 Lecture 8b Hardware Architectures of Secret-Key Block Ciphers and Hash Functions George Mason University Recommended reading K. Gaj and P. Chodowiec, FPGA and ASIC Implementations of AES, Chapter
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationCHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))
CHAPTER 6. SYMMETRIC CIPHERS Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption
More informationNetwork Security Essentials
Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationpage 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas
Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationc Eli Biham - March 13, Cryptanalysis of Modes of Operation (4) c Eli Biham - March 13, Cryptanalysis of Modes of Operation (4)
Single Modes: the S Modes of Operation Modes of Operation are used to hide patterns in the plaintexts, protect against chosen plaintext attacks, and to support fast on-line encryption with precomputation.
More informationHow to Use Your Block Cipher? Palash Sarkar
How to Use Your Block Cipher? Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in IACITS New Delhi, 2 nd April 2009 Palash Sarkar (ISI, Kolkata) Using
More informationChapter 6: Contemporary Symmetric Ciphers
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?
More informationDarshan Institute of Engineering & Technology Page Information Security (IS) UNIT-2 Conventional Encryption Techniques
Q 1. Draw and explain Feistel s structure for encryption and decryption. The exact realization of Feistel network depends on the choice of which parameters? Feistel cipher is based on the idea that instead
More information3 Symmetric Cryptography
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption
More informationBlock Ciphers and Stream Ciphers. Block Ciphers. Stream Ciphers. Block Ciphers
Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2... M N. Then, each block M i is encrypted to the ciphertext block C i = K (M i ), and
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationStream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91
Stream ciphers Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 91 Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 92 Stream Cipher Suppose you want to encrypt
More informationCSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation
CSCI 454/554 Computer and Network Security Topic 3.2 Secret Key Cryptography Modes of Operation Processing with Block Ciphers Most ciphers work on blocks of fixed (small) size How to encrypt long messages?
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationIntroduction to Cryptography. Lecture 3
Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic
More informationBCA III Network security and Cryptography Examination-2016 Model Paper 1
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationStream Ciphers An Overview
Stream Ciphers An Overview Palash Sarkar Indian Statistical Institute, Kolkata email: palash@isicalacin stream cipher overview, Palash Sarkar p1/51 Classical Encryption Adversary message ciphertext ciphertext
More informationProcessing with Block Ciphers
AIT 682: Network and Systems Security Topic 3.2 Secret Cryptography Modes of Operation Instructor: r. Kun Sun rocessing with Block Ciphers Most ciphers work on blocks of fixed (small) size How to encrypt
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationCSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes
CSC/C 574 Computer and Network Security Topic 3.2 Secret Cryptography Modes of Operation CSC/C 574 r. eng Ning 1 rocessing with Block Ciphers Most ciphers work on blocks of fixed (small) size How to encrypt
More informationData Encryption Standard
ECE 646 Lecture 6 Data Encryption Standard Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th Edition, Chapter 3: Block Ciphers and the Data Encryption Standard Chapter 6.1: Multiple
More informationECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and
More informationCryptography III: Symmetric Ciphers
Cryptography III: Symmetric Ciphers Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 14th February 2008 Outline Stream ciphers Block ciphers DES and Rijndael Summary
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationSymmetric Crypto MAC. Pierre-Alain Fouque
Symmetric Crypto MAC Pierre-Alain Fouque Message Authentication Code (MAC) Warning: Encryption does not provide integrity Eg: CTR mode ensures confidentiality if the blockcipher used is secure. However,
More informationSecret Key Cryptography
Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would
More informationModern Symmetric Block cipher
Modern Symmetric Block cipher 81 Shannon's Guide to Good Ciphers Amount of secrecy should determine amount of labour appropriate for encryption and decryption The set of keys and enciphering algorithm
More informationModes of Operation. Raj Jain. Washington University in St. Louis
Modes of Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at : http://www.cse.wustl.edu/~jain/cse567-06/
More informationSymmetric key cryptography
The best system is to use a simple, well understood algorithm which relies on the security of a key rather than the algorithm itself. This means if anybody steals a key, you could just roll another and
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationAcronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector
Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National
More informationIntroduction to Cryptography. Lecture 3
Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17
More informationGeldy : A New Modification of Block Cipher
Geldy : A New Modification of Block Cipher Candy Olivia Mawalim (13513031) School of Electrical Engineering and Informatics Institut Teknologi Bandung Jl. Ganesha 10 Bandung 40132, Indonesia 13513031@std.stei.itb.ac.id
More informationCryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái
Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,
More informationCSC574: Computer & Network Security
CSC574: Computer & Network Security Lecture 3 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Modern Cryptography 2 Kerckhoffs Principles Modern cryptosystems
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 23 rd March 2018 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More informationIntroduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space
Perfect Cipher Introduction to Cryptography Lecture 2 Benny Pinkas What type of security would we like to achieve? Given C, the adversary has no idea what M is Impossible since adversary might have a-priori
More informationSecret Key Cryptography
Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:
More informationAppendix A: Introduction to cryptographic algorithms and protocols
Security and Cooperation in Wireless Networks http://secowinet.epfl.ch/ Appendix A: Introduction to cryptographic algorithms and protocols 2007 Levente Buttyán and Jean-Pierre Hubaux symmetric and asymmetric
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationLecture 2: Shared-Key Cryptography
Graduate Course on Computer Security Lecture 2: Cryptography Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, Inc @ NRL Washington DC http://www.cs.stanford.edu/~iliano/ DIMI, Universita di Udine,
More informationApplied Cryptography Data Encryption Standard
Applied Cryptography Data Encryption Standard Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 History DES has a checkered history. The book provided fascinating reading
More informationBlock Cipher Operation
Block Cipher Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 6-1 Overview 1. Double DES, Triple
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationA SIMPLIFIED IDEA ALGORITHM
A SIMPLIFIED IDEA ALGORITHM NICK HOFFMAN Abstract. In this paper, a simplified version of the International Data Encryption Algorithm (IDEA) is described. This simplified version, like simplified versions
More informationSecret Key Cryptography Overview
Secret Key Cryptography Overview Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc01_07/ Block ciphers
More informationCS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES
CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES PREPARED BY R.CYNTHIA PRIYADHARSHINI AP/IT/SREC Block Ciphers A block cipher is an encryption/decryption scheme in which a block of plaintext is treated
More informationCIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm
CIS 4360 Introduction to Computer Security Fall 2010 WITH ANSWERS in bold Name:.................................... Number:............ First Midterm Instructions This is a closed-book examination. Maximum
More informationSome Aspects of Block Ciphers
Some Aspects of Block Ciphers Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in CU-ISI Tutorial Workshop on Cryptology, 17 th July 2011 Palash Sarkar
More informationCrypto: Symmetric-Key Cryptography
Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three
More informationCryptography and Network Security
Cryptography and Network Security CRYPTOGRAPHY AND NETWORK SECURITY PRAKASH C. GUPTA Former Head Department of Information Technology Maharashtra Institute of Technology Pune Delhi-110092 2015 CRYPTOGRAPHY
More informationThe Helion basic guide to AES encryption in hardware
The Helion basic guide to AES encryption in hardware What is AES? During September 1997, the National Institute of Standards and Technology (NIST), the main standards body in the US, issued an open request
More informationsymmetric cryptography s642 computer security adam everspaugh
symmetric cryptography s642 adam everspaugh ace@cs.wisc.edu computer security Announcements Midterm next week: Monday, March 7 (in-class) Midterm Review session Friday: March 4 (here, normal class time)
More informationIntroduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu
Introduction to Cryptographic Systems Asst. Prof. Mihai Chiroiu Vocabulary In cryptography, cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Decryption
More informationAcronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector
Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National
More informationCIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)
CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation
More informationThe OCB Authenticated-Encryption Algorithm
The OCB Authenticated-Encryption Algorithm Ted Krovetz California State University, Sacramento, USA Phillip Rogaway University of California, Davis, USA IETF 83 Paris, France CFRG 11:20-12:20 in 212/213
More information7. Symmetric encryption. symmetric cryptography 1
CIS 5371 Cryptography 7. Symmetric encryption symmetric cryptography 1 Cryptographic systems Cryptosystem: t (MCKK GED) (M,C,K,K,G,E,D) M, plaintext message space C, ciphertext message space K, K, encryption
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationThe Salsa20 Family of Stream Ciphers
The Salsa20 Family of Stream Ciphers Based on [Bernstein, 2008] Erin Hales, Gregor Matl, Simon-Philipp Merz Introduction to Cryptology November 13, 2017 From a security perspective, if you re connected,
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 24th March 2016 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General Considerations:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General Considerations: Secret Key Systems Encrypting a small block of text (say 64 bits) General Considerations: 1. Encrypted
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationSensor Networks. Xueying Zhang, Howard M. Heys, and Cheng Li. Electrical and Computer Engineering. Faculty of Engineering and Applied Science
Energy Efficiency of Encryption Schemes Applied to Wireless Sensor Networks Xueying Zhang, Howard M. Heys, and Cheng Li Electrical and Computer Engineering Faculty of Engineering and Applied Science Memorial
More informationCIS 6930/4930 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation
CIS 6930/4930 Computer and Network Security Topic 3.2 Secret Key Cryptography Modes of Operation 1 Cipher Feedback Mode (CFB) IV Key 64 64 64 64 64 M 1 M 2 M 3 M 4 64 64 64 46 + padding 64 64 64 64 C 1
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationUNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE
INFORMATION TECHNOLOGY SECURITY GUIDANCE CRYPTOGRAPHIC ALGORITHMS FOR UNCLASSIFIED, PROTECTED A, AND PROTECTED B INFORMATION ITSP.40.111 August 2016 FOREWORD The Cryptographic Algorithms for UNCLASSIFIED,
More informationJaap van Ginkel Security of Systems and Networks
Jaap van Ginkel Security of Systems and Networks November 4, 2013 Part 4 Modern Crypto Block Ciphers (Iterated) Block Cipher Plaintext and ciphertext consist of fixed-sized blocks Ciphertext obtained from
More informationA Chosen-key Distinguishing Attack on Phelix
A Chosen-key Distinguishing Attack on Phelix Yaser Esmaeili Salehani* and Hadi Ahmadi** * Zaeim Electronic Industries Co., Tehran, Iran. ** School of Electronic Engineering, Sharif University of Technology,
More informationCryptography Symmetric Encryption Class 2
Cryptography Symmetric Encryption Class 2 Stallings: Ch 3 & 6 Stallings: Ch 4 CEN-5079: 18.January.2018 1 Symmetric Cryptosystems Encryption Key Decryption Key Plaintext Plaintext Encryption Algorithm
More informationCryptography III: Symmetric Ciphers
Cryptography III: Symmetric Ciphers Computer Security Lecture 4 David Aspinall School of Informatics University of Edinburgh 26th January 2012 Outline Stream ciphers Block ciphers DES and Rijndael Summary
More informationThe Rectangle Attack
The Rectangle Attack and Other Techniques for Cryptanalysis of Block Ciphers Orr Dunkelman Computer Science Dept. Technion joint work with Eli Biham and Nathan Keller Topics Block Ciphers Cryptanalysis
More informationCryptography and Network Security Chapter 7
Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 7 Stream Ciphers and Random Number Generation The comparatively
More information