Introduction. Secret Key Cryptography. Outline. Secrets? (Cont d) Secret Keys or Secret Algorithms? Introductory Remarks Feistel Cipher DES AES
|
|
- Arthur Greer
- 5 years ago
- Views:
Transcription
1 Outline CSCI 454/554 Computer and Network Security Introductory Remarks Feistel Cipher DES AES Topic 3.1 Secret Key Cryptography Algorithms 2 Secret Keys or Secret Algorithms? Introduction Security by obscurity hide the details o the algorithms drawback: hard to keep secret i cipher is used widely, or implementation can be reverse engineered Alternative: publish the algorithms ewer vulnerabilities will result i many smart people try and ail to break the cipher security o the cipher depends on the secrecy o the keys, instead 4 Secrets? (Cont d) Commercial world relies upon standardized, public algorithms, and secret keys Government tends to also rely on secret algorithms Secret Key Cryptography plaintext Encryption ciphertext key Decryption plaintext Same key is used or both encryption and decryption this one key is shared by two parties who wish to communicate securly Also known as symmetric key cryptography, or shared key cryptography 5 6
2 Applications o Secret Key Crypto Communicating securely over an insecure channel Alice encrypts using shared key Bob decrypts result using same shared key Secure storage on insecure media Bob encrypts data beore storage Bob decrypts data on retrieval using the same key 7 Applications (Cont d) Message integrity Alice computes a message integrity code (MIC) rom the message, then encrypts with shared key Bob decrypts the MIC on receipt, and veriies that it agrees with message contents Authentication Bob can veriy Alice sent the message how is that possible? 8 Generic Block Encryption Converts one input plaintext block o ixed size k bits to an output ciphertext block also o k bits Beneits o large k? o short k? plaintext key ciphertext block 0 block 1 block 2 Encryption block 0 block 1 block 2 Key Sizes Keys should be selected rom a large potential set, to prevent brute orce attacks Secret key sizes 40 bits were considered adequate in 70 s 56 bits used by DES were adequate in the 80 s 128 bits are adequate or now I computers increase in power by 40% per year, need roughly 5 more key bits per decade to stay suiciently hard to break 9 10 Notation Two Principles or Cipher Design Notation X Y X Y K{m} Meaning Bit-wise exclusive-or o X and Y Concatenation o X and Y Message m encrypted with secret key K Conusion: Make the relationship between the <plaintext, key> input and the <ciphertext> output as complex (nonlinear) as possible Diusion: Spread the inluence o each input bit across many output bits 11 12
3 Exploiting the Principles Idea: use multiple, alternating permutations and substitutions, e.g., S!P!S!P!S! P!S!P!S!P! Do they have to alternate? e.g. S!S!S!P!P!P!S!S!?? Conusion is mainly accomplished by substitutions Diusion is mainly accomplished by permutations Example ciphers: DES, AES Secret Key (Cont d) Basic technique used in secret key ciphers: multiple applications o alternating substitutions and permutations plaintext S P S P S ciphertext key Well-known examples: DES, AES Basic Form o Modern Block Ciphers Plaintext block Key Preprocessing Sub-Key Generation Rounds o Encryption i=1,2,,n Postprocessing Sub-Key #1 Sub-Key #2 Sub-Key #3 Sub-Key #n Feistel Ciphers Ciphertext block Overview One Round o Feistel Encryption Feistel Cipher has been a very inluential template or designing a block cipher Major beneit: can do encryption and decryption with the same hardware Examples: DES, RC5 1. Break input block i into let and right halves L i and R i 2. Copy R i to create output hal block L i+1 3. Hal block R i and key K i are scrambled by unction 4. XOR result with input hal-block L i to create output hal-block R i+1 L i Input block i R i L i+1 R i+1 Output block i+1 K i 17 18
4 One Round o Feistel Decryption Complete Feistel Cipher: Encryption Just reverse the arrows! Output block i+1 L i R i Plaintext (2w bits) L 0 R 0 K 1 K i Round i K 2 L 2 R 2 Round n K n L i+1 R i+1 Input block i note this inal swap! L n R n L n+1 R n+1 19 Ciphertext (2w bits) 20 Feistel Cipher: Decryption Parameters o a Feistel Cipher Ciphertext (2w bits) L 0 R 0 K n Block size Key size Number o rounds Round i K n-1 Subkey generation algorithm Scrambling unction L 2 R 2 Round n K 1 note this inal swap! L n R n L n+1 R n+1 Plaintext (2w bits) Comments Decryption is the same as encryption, only reversing the order in which are applied Reversability o Feistel cipher derives rom reversability o XOR Function can be anything Hopeully something easy to compute There is no need to invert DES (Data Encryption Standard) 23 24
5 DES (Data Encryption Standard) Standardized in 1976 by NBS (now NIST) proposed by IBM, Feistel cipher Criteria (oicial) provide high level o security security must reside in key, not algorithm not patented must be exportable eicient to implement in hardware DES (Cont d) Criteria (unoicial) must be slow to execute in sotware must be breakable by NSA :-) DES Basics DES Top Level View Blocks: 64 bit plaintext input, 64 bit ciphertext output Rounds: 16 Key: 64 bits every 8 th bit is a parity bit, so really 56 bits long 64 bit plaintext block DES Encryption 56 bit key (+ 8 bits parity) 64 bit ciphertext block 64-bit Input Initial Permutation Round 2 6 Swap Halves Final Permutation 48-bit K 1 48-bit K 2 48-bit K bit Key Generate 64-bit Output Initial and Final Permutations Initial (Cont d) Initial permutation given below input bit #58!output bit #1, input bit #50! output bit #2, bit Input Initial Permutation Round 2. Round.. 16 Swap Halves Final Permutation 64-bit Output 56-bit Key Generate 48-bit K 1 48-bit K 2 48-bit K 16 Final permutation is just inverse o initial permutation, i.e., input bit #1! output bit #58 input bit #2! output bit #50 64-bit Input Initial Permutation Round 2. Round.. 16 Swap Halves Final Permutation 64-bit Output 56-bit Key Generate 48-bit K 1 48-bit K 2 48-bit K
6 Initial (Cont d) Note #1: Initial Permutation is ully speciied (independent o key) thereore, does not improve security! why needed? Note #2: Final Permutation is needed to make this a Feistel cipher i.e., can use same hardware or both encryption and decryption 31 Key Generation: First Permutation First step: throw out 8 parity bits, then permute resulting 56 bits 7 columns 8 rows bit Input Initial Permutation Round 2. Round.. 16 Swap Halves Final Permutation 64-bit Output 56-bit Key Generate 48-bit K 1 48-bit K 2 48-bit K 16 Parity bits let out: 8,16,24, 32 KeyGen: Processing Per Round KeyGen: Permutation with Discard 28 bits! 24 bits, each hal o key 48 bit K i C i-1 28 bits D i-1 28 bits Circular Let Shit C i Permutation with Discard Circular Let Shit D i 28 bits 28 bits Rounds i = 1,2,9,16: let circular shit 1 bit Other rounds: let circular shit 2 bits 33 Let hal o K i = permutation o C i Bits let out: 35,38,43,54 Bits let out: 9,18,22,25 Right hal o K i = permutation o D i One DES (Feistel) Round DES Round: (Mangler) Function Input block i L i R i 64-bit Input Initial Permutation Round 2. Round.. 16 Swap Halves Final Permutation 56-bit Key Generate 48-bit K 1 48-bit K 2 48-bit K 16 Input block i L i R i unction = Mangler 32-bit hal block Expansion K i 64-bit Output K i 48 bits K i S-Box (substitution) L i+1 R i+1 Output block i+1 L i+1 R i+1 Output block i+1 Permutation 32-bit hal block 35 36
7 : Expansion Function 32 bits " 48 bits these bits are repeated : S-Box (Substitute, Shrink) 48 bits " 32 bits 48 bit is broken into eight 6-bit chunks. 6 bits are used to select a 4-bit substitution i.e., or every output, there are our inputs that map to it 2 bits row 4 bits column I1 I2 I3 I4 I5 I6 S i or i = 1,,8 O1 O2 O3 O4 an integer between 0 and : S 1 (Substitution) Each row and column contain dierent numbers I2/I3/I4/I5! F I1/I6! 0 E 4 D 1 2 F B 1 0 F 7 4 E 2 D E 8 D F C Example: input= , output= 1000 or S 2..S 8 (and rest o S 1 ), see the textbook 32bits " 32bits : Permutation DES Implementation That s it! Operations Permutation Swapping halves Substitution (S-box, table lookup) Bit discard Bit replication Circular shit XOR Hard to implement? HW: No, SW: Yes 41 DES Analysis 42
8 We don t know i Good Design? the particular details were well-chosen or strength, whether someone lipped coins to construct the S-boxes, or whether the details were chosen to have a weakness that could be exploited by the designers. Issues or Block Ciphers Number o rounds should be large enough to make advanced attacks as expensive as exhaustive search or the key Principles or S-Box Design S-box is the only non-linear part o DES Each row in the S-Box table should be a permutation o the possible output values Output o one S-box should aect other S- boxes in the ollowing round 45 Desirable Property: Avalanche Eect Roughly: a small change in either the plaintext or the key should produce a big change in the ciphertext Better: any output bit should be inverted (lipped) with probability 0.5 i any input bit is changed unction must be diicult to un-scramble should achieve avalanche eect output bits should be uncorrelated 46 DES Avalanche Eect: Example 2 plaintexts with 1 bit dierence: 0x and 0x encrypted using the same key: 0x016B24621C181C32 Resulting ciphertexts dier in 34 bits (out o 64) Similar results when keys dier by 1 bit Example (cont d) An experiment: number o rounds vs. number o bits dierence Round # Bits changed
9 DES: Keys to Avoid Using Weak keys : 4 keys with property K{K{m}} = m What s bad about that? These are keys which, ater the irst key permutation, are: 28 0 s ollowed by 28 0 s 28 0 s ollowed by 28 1 s 28 1 s ollowed by 28 0 s 28 1 s ollowed by 28 1 s More Keys to Avoid! Semi-weak keys : pairs o keys with the property K 1 {K 2 {m}} = m What s bad about that? These are keys which, ater the irst key permutation, are: s ollowed by alternating 0 s and 1 s s ollowed by alternating 1 s and 0 s 12. alternating 1 s and 0 s ollowed by alternating 1 s and 0 s DES Key Size 56 bits is currently too small to resist brute orce attacks using readily-available hardware Ten years ago it took $250,000 to build a machine that could crack DES in a ew hours Now? Cryptanalysis o DES Dierential cryptanalysis exploits dierences between encryptions o two dierent plaintext blocks provides insight into possible key values DES well designed to deeat dierential analysis Linear cryptanalysis requires known plaintext / ciphertext pairs, analyzes relationships to discover key value or DES, requires analyzing O(2 47 ) pairs No attacks on DES so ar are signiicantly better than brute orce attacks, or comparable cost Overview Selected rom an open competition, organized by NSA winner: Rijndael algorithm, standardized as AES AES (Advanced Encryption Standard) A short history: Some similarities to DES (rounds,, alternate permutation+substitution) but not a Feistel cipher Block size = 128 bits Key sizes = 128, 192, or 256 Main criteria: secure, well justiied, ast 53 54
10 AES-128 Overview AES-128 State 128-bit Input 128-bit K bit K bit key Generate Q1: What happens in each round? Q2: How are generated? Each plaintext block o 16 bytes is arranged as 4 columns o 4 bytes each a 0 a 1 a 2 a 3 a 4 a 5 a 6 a 7 a 8 a 9 a 10 a 11 a 12 a 13 a 14 a 15 a 0 a 4 a 8 a 12 a 1 a 5 a 9 a 13 0 a 2 a 6 a 10 a bit Output 128-bit K 10 a 3 a 7 a 11 a 15 (Padding necessary or messages not a multiple o 16 bytes) One AES-128 Round AES Encryption/Decryption 1. Apply S-box unction to each byte o the state (i.e., 16 substitutions) 2. Rotate (row 0 o state is unchanged) row 1 o the state shits let 1 column row 2 o the state shits let 2 columns row 3 o the state shits let 3 columns 3. Apply MixColumn unction to each column o state last round omits this step Round Step 1. AES S-Box S-Box (Cont d) Each byte o state is replaced by a value rom ollowing table eg. byte with value 0x95 is replaced by byte in row 9 column 5, which has value 0x2A The S-Box is what makes AES a non-linear cipher X Y a b c d e c 77 7b 2 6b 6 c b e d7 ab 76 1 ca 82 c9 7d a ad d4 a2 a 9c a4 72 c0 2 b7 d cc 34 a5 e d c7 23 c a e2 eb 27 b c 1a 1b 6e 5a a0 52 3b d6 b3 29 e d1 0 ed 20 c b1 5b 6a cb be 39 4a 4c 58 c 6 d0 e aa b 43 4d c 9 a a d 38 5 bc b6 da d2 8 cd 0c 13 ec c4 a7 7e 3d 64 5d dc 22 2a ee b8 14 de 5e 0b db a e0 32 3a 0a c c2 d3 ac e4 79 b e7 c8 37 6d 8d d5 4e a9 6c 56 4 ea 65 7a ae 8 c ba e 1c a6 b4 c6 e8 dd b bd 8b 8a d 70 3e b e b9 86 c1 1d 9e e e d9 8e 94 9b 1e 87 e9 ce d 8c a1 89 0d b e d 0 b0 54 bb 16 For every value o b there is a unique value or b - It is aster to use a substitution table (and easier). b'0 b' 1 b'2 b'3 b'4 b'5 b'6 b' 7 = x = b -1 in GF(2 8 ), i.e., x is the inverse o byte b x 0 x1 x2 x 3 x 4 x 5 x 6 x
11 S-Box Example Round Step 2. Rotate (Example) The S-Box is what makes AES a non-linear cipher Beore Shit Rows Ater Shit Rows State C0 D0 4A E1 F A1 AF Sbox( 50 ) Sbox( 60 ) Sbox( 70 ) Sbox( 00 ) 53 D Sbox( 10 ) Sbox( 20 ) Sbox( 30 ) Sbox( C0 ) Sbox( D0 ) Sbox( 4A ) Sbox( E1 ) Sbox( F7 ) Ater SubBytes CA 70 B7 D6 04 F8 BA 68 Sbox( 81 ) Sbox( 93 ) Sbox( A1 ) Sbox( AF ) 53 CA 70 0C 53 CA 70 0C D0 B7 D6 DC B7 D6 DC D F8 32 F BA BA 68 0C DC MixColumn (Cont d) Round Step 3. MixColumn Function Applied to each column o the state For each column, each byte aiai+3 o the column is used to look up our 4-byte intermediate columns titi+3 rom a table (next slide) The intermediate columns titi+3 are then combined (next slide + 1): rotate vertically so top octet o ti is in the same row as input octet (ai) XOR the our rotated columns together Part o the MixColumn table: right (low-order) nibble (4 bits) let (high-order) nibble (4 bits) 63 MixColumn (Cont d) 64 Generating Round Keys in AES-128 Example The key (16 bytes) is arranged in 4 columns o 4 rows, as or the input (plaintext) block) Deriving the makes use o a table o constants: Removes symmetry and linearity rom key expansion 65 Round i Constant ci 1 0x01 2 0x02 3 0x04 4 0x08 5 0x10 6 0x20 7 0x40 8 0x80 9 0x1b 10 0x36 66
12 Round Keys (Cont d) Round Keys (Cont d) For i th round o keys, i = or column index j = 0 temp = column 3 o (i-1) th (previous) round rotate temp upward one byte S-Box transorm each byte o temp XOR irst byte o temp with c i c i! S or column index j = 1..3 temp = column j-1 o i th (this) round result = temp XOR j th column o key round i Key Expansion Rationale Designed to resist known attacks Design criteria include knowing part o the key doesn t make it easy to ind entire key key expansion must be invertible, but enough non-linearity to hinder analysis should be ast to compute, simple to describe and analyze key bits should be diused into the 69 Mathematics AES Operates on the binary ield GF(2 8 ) - this can be represented as a polynomial b(x) with binary coeicients b {0,1}: b 7 x 7 + b 6 x 6 + b 5 x 5 + b 4 x 4 + b 3 x 3 + b 2 x 2 + b 1 x + b 0 Multiplication in GF(2 8 ) consists o multiplying two polynomials modulo an irreducible polynomial o degree 8 - AES uses the ollowing irreducible polynomial m(x) = x 8 + x 4 + x 3 + x AES-128 Decryption (Conceptual) Inverse S-Box Run cipher in reverse, with inverse o each operation replacing the encryption operations Inverse operations: XOR is its own inverse inverse o S-box is just the inverse table (next slide) inverse o rotation in one direction is rotation in other direction inverse o MixColumn is just the inverse table (next slide + 1) X Y a b c d e a d a5 38 b 40 a3 9e 81 3 d7 b 1 7c e b e c4 de e9 cb b a6 c2 23 3d ee 4c 95 0b 42 a c3 4e 3 8 2e a d9 24 b2 76 5b a2 49 6d 8b d d4 a4 5c cc 5d 65 b c d ed b9 da 5e a7 8d 9d d8 ab 0 8c bc d3 0a 7 e b8 b d0 2c 1e 8 ca c1 a bd a 6b 8 3a dc ea 97 2 c ce 0 b4 e ac e7 ad e e8 1c 75 d 6e a a 71 1d 29 c b7 62 0e aa 18 be 1b b c 56 3e 4b c6 d a db c0 e 78 cd 5a 4 c 1 dd a c7 31 b ec 5 d a9 19 b5 4a 0d 2d e5 7a 9 93 c9 9c e e a0 e0 3b 4d ae 2a 5 b0 c8 eb bb 3c b 4 7e ba 77 d6 26 e c 7d 71 72
13 let (high-order) nibble (4 bits) InvMixColumn right (low-order) nibble (4 bits) AES Decryption (Actual) Run cipher in orward direction, except use inverse operations apply in reverse order apply InvMixColumn to K1..K9 Decryption takes more memory and cycles encryption can only partially reuse hardware or encryption AES Assessment Speed: about 16 clock cycles/byte on modern 32-bit CPUs 200 MByte/s on a PC, no special hardware! No known successul attacks on ull AES best attacks work on 7-9 rounds (out o rounds) Clean design For brute orce attacks, AES-128 will take 4*10 21 X ( = 2 72 ) more eort than DES 75 Attacks on AES Dierential Cryptanalysis: based on how dierences in inputs correlate with dierences in outputs - greatly reduced due to high number o rounds Linear Cryptanalysis: based on correlations between input and output - S-Box & MixColumns are designed to rustrate Linear Analysis Side Channel Attacks: based on peculiarities o the implementation o the cipher 76 Side Channel Attacks Timing Attacks: measure the time it takes to do operations - some operations, with some operands, are much aster than other operations, with other operand values - provides clues about what internal operations are being perormed, and what internal data values are being produced Power Attacks: measures power to do operations - changing one bit requires considerably less power than changing many bits in a byte Summary Secret key crypto is (a) good quality, (b) aster to compute than public key crypto, and (c) the most widely used crypto DES strong enough or non-critical applications, but triple-des is better AES even better (stronger and much aster), has versions with 128-, 192-, and 256-bit keys Secret key crypto requires out-o-band, bilateral key negotiation/agreement 77 78
CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?
More informationCIS 6930/4930 Computer and Network Security. Project requirements
CIS 6930/4930 Computer and Network Security Project requirements Project Requirement Form a team of 3 people to complete the course project. The project has 100pts + 20pts (extra credit) Report requirement:
More informationCIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)
CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design: Secret Key Systems (block encoding) Encrypting a small block of text (say 64
More informationFundamentals of Cryptography
Fundamentals of Cryptography Topics in Quantum-Safe Cryptography June 23, 2016 Part III Data Encryption Standard The Feistel network design m m 0 m 1 f k 1 1 m m 1 2 f k 2 2 DES uses a Feistel network
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General Considerations:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General Considerations: Secret Key Systems Encrypting a small block of text (say 64 bits) General Considerations: 1. Encrypted
More informationSecret Key Cryptography
Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationSecret Key Cryptography
Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would
More informationBlock Ciphers and Data Encryption Standard. CSS Security and Cryptography
Block Ciphers and Data Encryption Standard CSS 322 - Security and Cryptography Contents Block Cipher Principles Feistel Structure for Block Ciphers DES Simplified DES Real DES DES Design Issues CSS 322
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 6: Advanced Encryption Standard (AES) Ion Petre Department of IT, Åbo Akademi University 1 Origin of AES 1999: NIST
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationICT 6541 Applied Cryptography. Hossen Asiful Mustafa
ICT 6541 Applied Cryptography Hossen Asiful Mustafa Encryption & Decryption Key (K) Plaintext (P) Encrypt (E) Ciphertext (C) C = E K (P) Same Key (K) Ciphertext (C) Decrypt (D) Plaintext (P) P = D K (C)
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 4 The Advanced Encryption Standard (AES) Israel Koren ECE597/697 Koren Part.4.1
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationCrypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion
Crypto Basics Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion 1 What is a cryptosystem? K = {0,1} l P = {0,1} m C = {0,1} n, C C E: P K C D: C
More informationLecture 2: Secret Key Cryptography
T-79.159 Cryptography and Data Security Lecture 2: Secret Key Cryptography Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi 1 Reminder: Communication Model Adversary Eve Cipher, Encryption
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 5 Advanced Encryption Standard Advance Encryption Standard Topics Origin of AES Basic AES Inside Algorithm Final Notes Origins
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationCENG 520 Lecture Note III
CENG 520 Lecture Note III Symmetric Ciphers block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationUNIT - II Traditional Symmetric-Key Ciphers. Cryptography & Network Security - Behrouz A. Forouzan
UNIT - II Traditional Symmetric-Key Ciphers 1 Objectives To define the terms and the concepts of symmetric key ciphers To emphasize the two categories of traditional ciphers: substitution and transposition
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationP2_L6 Symmetric Encryption Page 1
P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationBlock Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan
Block Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan Block ciphers Keyed, invertible Large key space, large block size A block of plaintext is treated as a whole and used
More informationNetwork Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar
Network Security Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Modern Block Ciphers now look at modern block ciphers one of the most widely used types
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationSymmetric Key Cryptography
Symmetric Key Cryptography Michael Huth M.Huth@doc.ic.ac.uk www.doc.ic.ac.uk/~mrh/430/ Symmetric Key Cryptography (3.1) Introduction Also known as SECRET KEY, SINGLE KEY, PRIVATE KEY Sender and Receiver
More informationCryptographic Algorithms - AES
Areas for Discussion Cryptographic Algorithms - AES CNPA - Network Security Joseph Spring Department of Computer Science Advanced Encryption Standard 1 Motivation Contenders Finalists AES Design Feistel
More informationBasic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline
CSC/ECE 574 Computer and Network Security Topic 2. Introduction to Cryptography 1 Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationCSCE 813 Internet Security Symmetric Cryptography
CSCE 813 Internet Security Symmetric Cryptography Professor Lisa Luo Fall 2017 Previous Class Essential Internet Security Requirements Confidentiality Integrity Authenticity Availability Accountability
More informationSymmetric Encryption Algorithms
Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm
More informationCSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography
CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationCSC574: Computer & Network Security
CSC574: Computer & Network Security Lecture 3 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Modern Cryptography 2 Kerckhoffs Principles Modern cryptosystems
More informationLecture 3: Symmetric Key Encryption
Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationSymmetric Cryptography. Chapter 6
Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationPGP: An Algorithmic Overview
PGP: An Algorithmic Overview David Yaw 11/6/2001 VCSG-482 Introduction The purpose of this paper is not to act as a manual for PGP, nor is it an in-depth analysis of its cryptographic algorithms. It is
More informationOutline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing
Outline CSCI 454/554 Computer and Network Security Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues Topic 2. Introduction to Cryptography 2 Cryptography Basic Concepts
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationpage 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas
Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher
More informationCSc 466/566. Computer Security. 6 : Cryptography Symmetric Key
1/56 CSc 466/566 Computer Security 6 : Cryptography Symmetric Key Version: 2012/02/22 16:14:16 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian Collberg
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.1 Introduction to Cryptography CSC 474/574 By Dr. Peng Ning 1 Cryptography Cryptography Original meaning: The art of secret writing Becoming a science that
More informationWeek 5: Advanced Encryption Standard. Click
Week 5: Advanced Encryption Standard Click http://www.nist.gov/aes 1 History of AES Calendar 1997 : Call For AES Candidate Algorithms by NIST 128-bit Block cipher 128/192/256-bit keys Worldwide-royalty
More informationChapter 6: Contemporary Symmetric Ciphers
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?
More informationComputational Security, Stream and Block Cipher Functions
Computational Security, Stream and Block Cipher Functions 18 March 2019 Lecture 3 Most Slides Credits: Steve Zdancewic (UPenn) 18 March 2019 SE 425: Communication and Information Security 1 Topics for
More informationBlock Ciphers Introduction
Technicalities Block Models Block Ciphers Introduction Orr Dunkelman Computer Science Department University of Haifa, Israel March 10th, 2013 Orr Dunkelman Cryptanalysis of Block Ciphers Seminar Introduction
More informationModern Block Ciphers
Modern Block Ciphers now look at modern block ciphers one of the most widely used types of cryptographic algorithms provide secrecy /authentication services focus on DES (Data Encryption Standard) to illustrate
More informationBlock Encryption and DES
Block Encryption and DES Plain Text Block 1 Block 2 Block 3 Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available
More informationBlock Ciphers. Secure Software Systems
1 Block Ciphers 2 Block Cipher Encryption function E C = E(k, P) Decryption function D P = D(k, C) Symmetric-key encryption Same key is used for both encryption and decryption Operates not bit-by-bit but
More informationECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and
More informationModern Symmetric Block cipher
Modern Symmetric Block cipher 81 Shannon's Guide to Good Ciphers Amount of secrecy should determine amount of labour appropriate for encryption and decryption The set of keys and enciphering algorithm
More informationL3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015
L3. An Introduction to Block Ciphers Rocky K. C. Chang, 29 January 2015 Outline Product and iterated ciphers A simple substitution-permutation network DES and AES Modes of operations Cipher block chaining
More informationCryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles
Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working
More information18-642: Cryptography 11/15/ Philip Koopman
18-642: Cryptography 11/15/2017 Cryptography Overview Anti-Patterns for Cryptography Using a home-made cryptographic algorithm Using private key when public key is required Not considering key distribution
More informationChapter 7 Advanced Encryption Standard (AES) 7.1
Chapter 7 Advanced Encryption Standard (AES) 7.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 7 Objectives To review a short history of AES To define
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationLecture 5. Encryption Continued... Why not 2-DES?
Lecture 5 Encryption Continued... 1 Why not 2-DES? 2DES: C = DES ( K1, DES ( K2, P ) ) Seems to be hard to break by brute force, approx. 2 111 trials Assume Eve is trying to break 2DES and has a single
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously on COS 433 Pseudorandom Permutations unctions that look like random permutations Syntax: Key space K (usually {0,1}
More informationCryptanalysis. Ed Crowley
Cryptanalysis Ed Crowley 1 Topics Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types 2 Cryptanalysis Science of cracking ciphers and codes, decoding secrets,
More informationCryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái
Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,
More informationDifferential Cryptanalysis
Differential Cryptanalysis See: Biham and Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer Verlag, 1993. c Eli Biham - March, 28 th, 2012 1 Differential Cryptanalysis The Data
More informationImplementation and Performance analysis of Skipjack & Rijndael Algorithms. by Viswnadham Sanku ECE646 Project Fall-2001
Implementation and Performance analysis of Skipjack & Rijndael Algorithms by Viswnadham Sanku ECE646 Project Fall-2001 TABLE OF CONTENTS TABLE OF CONTENTS 2 1. OBJECTIVE 3 2. SKIPJACK CIPHER 3 2.1 CIPHER
More informationIntroduction to Modern Symmetric-Key Ciphers
Introduction to Modern Symmetric-Key Ciphers 1 Objectives Review a short history of DES. Define the basic structure of DES. List DES alternatives. Introduce the basic structure of AES. 2 Data Encryption
More informationLecture 4. Encryption Continued... Data Encryption Standard (DES)
Lecture 4 Encryption Continued... 1 Data Encryption Standard (DES) 64 bit input block 64 bit output block 16 rounds 64 (effective 56) bit key Key schedule computed at startup Aimed at bulk data >16 rounds
More informationCourse Business. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Allowed to bring one index card (double sided) Location: Right here
Course Business Midterm is on March 1 Allowed to bring one index card (double sided) Final Exam is Monday, May 1 (7 PM) Location: Right here 1 Cryptography CS 555 Topic 18: AES, Differential Cryptanalysis,
More informationSecret Key Cryptography Overview
Secret Key Cryptography Overview Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc01_07/ Block ciphers
More informationCryptography ThreeB. Ed Crowley. Fall 08
Cryptography ThreeB Ed Crowley Fall 08 Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types Cryptanalysis. Science of cracking ciphers and codes, decoding secrets,
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 7 September 23, 2015 CPSC 467, Lecture 7 1/1 Advanced Encryption Standard AES Alternatives CPSC 467,
More informationHow many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?
Homework 1. Come up with as efficient an encoding as you can to specify a completely general one-to-one mapping between 64-bit input values and 64-bit output values. 2. Token cards display a number that
More informationBlock Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1
Block Ciphers Lucifer, DES, RC5, AES CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk Block Ciphers 1 ... Block Ciphers & S-P Networks Block Ciphers: Substitution ciphers
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5a January 29, 2013 CPSC 467b, Lecture 5a 1/37 Advanced Encryption Standard AES Alternatives CPSC 467b,
More informationBlock Ciphers and Stream Ciphers. Block Ciphers. Stream Ciphers. Block Ciphers
Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2... M N. Then, each block M i is encrypted to the ciphertext block C i = K (M i ), and
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationEncryption Details COMP620
Encryption Details COMP620 Encryption is a powerful defensive weapon for free people. It offers a technical guarantee of privacy, regardless of who is running the government It s hard to think of a more
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working on Stern's code, principally with
More informationSymmetric Encryption. Thierry Sans
Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5 January 23, 2012 CPSC 467b, Lecture 5 1/35 Advanced Encryption Standard AES Alternatives CPSC 467b,
More informationPRNGs & DES. Luke Anderson. 16 th March University Of Sydney.
PRNGs & DES Luke Anderson luke@lukeanderson.com.au 16 th March 2018 University Of Sydney Overview 1. Pseudo Random Number Generators 1.1 Sources of Entropy 1.2 Desirable PRNG Properties 1.3 Real PRNGs
More informationECE Lecture 7. Towards modern ciphers. Data Encryption Standard and its extensions. Levels of Security
ECE 646 - Lecture 7 Towards modern ciphers Data Encryption tandard and its extensions Required Reading: I W tallings, "Cryptography and Network-ecurity," 4th Edition, Chapter 3: Block Ciphers and the Data
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More information3 Symmetric Cryptography
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More information6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a
More informationUnderstanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009
Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 29 These slides were prepared by Daehyun Strobel, Christof
More information