Symmetric Key Cryptography

Size: px
Start display at page:

Download "Symmetric Key Cryptography"

Transcription

1 Symmetric Key Cryptography Jooyoung Lee School of Computing (GSIS), KAIST

2 Outline 1. Introduction to Symmetric Key Crypto 2. Stream Ciphers 3. Block Ciphers 3.1 DES 3.2 AES 3.3 Modes of Operations 3.4 Key Exhaustive Search and Meet-in-the-Middle Attack

3 (Symmetric Key) Cryptography Message Privacy: concealing the content of messages via encryption schemes, modes of operations etc. Message Integrity: preventing an adversary from making unnoticed changes to the message via message authentication codes, authenticated modes of operation etc.

4 Communication Over an Insecure Channel Oscar (bad) x Alice (good) x insecure channel x Bob (good)

5 Symmetric Key Cryptography Oscar (bad) y Alice (good) x y y x encryption insecure channel decryption e( ) d( ) Bob (good) k k secure channel x, y, k are called plaintext, ciphertext, key, resp. The set of all possible keys is called the key space We write y = e k (x) and x = d k (y) d k (e k (x)) = x for every key k The problem of transmitting a message securely is reduced to the problems of transmitting a key secretly and of storing the key in a secure fashion.

6 A Message is a Binary String: ASCII Code ASCII Code Row Number Column Number NUL DLE P ` p 0001 SOH DC1! 1 A Q a q 0010 STX DC2 " 2 B R b r 0011 ETX DC3 # 3 C S c s 0100 EOT DC4 $ 4 D T d t 0101 ENQ NAK % 5 E U e u 0110 ACK SYN & 6 F V f v 0111 BELL ETB ' 7 G W g w 1000 BS CAN ( 8 H X h x 1001 HT EM ) 9 I Y i y 1010 LF SUB * : J Z j z 1011 VT ESC + ; K [ k 1100 FF FS, < L \ l { 1101 CR GS - = M ] m 1110 SO RS. > N ^ n } ~ 1111 SI US /? O _ o DEL Ex) A" The isascii represented code of a character by is found ". by combining its Column Number (given in 3-bit binary) with its Row Number (given in 4-bit binary).

7 Key Length Should be Secure against Exhaustive Key Search Definition (Basic Exhaustive Key Search) Let (x, y) denote the pair of plaintext and cipher text, and let K = {k 1,..., k N } be the key space of all possible keys k i. Exhaustive key search checks for every k i K whether or not d ki (y) = x. If the equality holds, a possible correct key is found; if not, proceed with the next key. If an encryption algorithm uses n-bit keys, then exhaustive key search requires O(2 n ) computational steps If there is a smart attack whose complexity is less than O(2 n ), then the encryption algorithm is said broken"

8 Key Length How many key bits are enough? Only relevant if exhaustive key search is the best known attack The key lengths for symmetric and asymmetric algorithms are dramatically different Time for exhaustive key search on symmetric algorithms Key length Security estimation bits short term: a few hours or days bits long term: several decades w/o quantum computers 256 bits long term: several decades with quantum comp. alg.

9 Stream Ciphers vs. Block Ciphers Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010 Stream ciphers encrypt bits individually Block ciphers encrypt an entire block of plaintext bits at a time with the same key Each key defines a permutation on {0, 1} b Most block ciphers have a block length of 128 bits (AES) or 64 bits (DES, 3DES)

10 Design Principles for Block Ciphers Confusion: the influence of one key bit is spread over many ciphertext bits. Diffusion: the influence of one plaintext bit is spread over many ciphertext bits. The goal of diffusion is to hide statistical properties of the plaintext. Achieved by substitution boxes (S-boxes) and permutation boxes (P-boxes). Iteration: substitution and permutation boxes are iterated, producing a product cipher. Confusion Diffusion x Block Cipher y1= y2= x1= Block x2= Cipher y1= y2= k1= k2= k

11 SP Network vs. Feistel Network SP Network Feistel Network L R f K0 f K1 f K2 f K3 S T Round function f also uses an SPN. It should behave like a random function.

12 Confusion and Diffusion Failure to achieve confusion property might allow for an attack that is faster than key exhaustive search What if a 2n-bit key n-bit block cipher is represented by E k1 k 2 (x) = F k1 (x) F k2 (x), for some keyed function F? Failure to achieve diffusion property might allow for a statistical attack (letter frequency analysis)

13 A Substitution Cipher Using an Arbitrary Table Idea: Substitute each letter of the alphabet with another one by an arbitrary table Example A B C D E F G H I J K L M k d w g u z b y s m t f e N O P Q R S T U V W X Y Z x v r a i h j c n o l q p What is the encryption of SEVEN YEARS AGO"? What is the key of this cipher? How many keys can be used? How this cipher can be attacked?

14 Cryptanalysis of a Substitution Cipher Observation: Each plaintext symbol always maps to the same ciphertext symbol 1. Frequency of letters in English text (%) E T A O N R I S H D L F C M U G Y P W B V K X J Q Z Most common English bigrams (frequency per 1000 words) th he an re er in on at nd st es en of te ed

15 Stream Ciphers Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, Synchronous stream ciphers use a key stream that depends only on the key (most stream ciphers) 2. Asynchronous stream ciphers use a key stream that depends on the key and the ciphertext Remark 1. Block ciphers are used more often than stream ciphers 2. Stream ciphers tend to be more efficient than block ciphers: suitable for highly constrained environments

16 Stream Ciphers Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010 Definition (Stream cipher encryption and decryption) The plaintext, the ciphertext and the key stream consist of individual bits, i.e., x i, y i, s i {0, 1}. Encryption: y i = e si (x i ) = (x i + s i mod 2)(= x i s i ) Decryption: x i = d si (y i ) = (y i + s i mod 2)(= y i s i ) Remark 1. Encryption and decryption are the same functions 2. The generation of the key stream is the central issue for the security of stream ciphers (randomness)

17 Generating Random" Key Streams 1. True Random Number Generators (TRNG) Based on physical random processes: coin flipping, semiconductor noise, thermal noise, etc Generate 0 and 1 with probability 1/2 Typically used to generate session keys and nonces 2. Pseudorandom Number Generators (PRNG) Computed from an initial seed value Have good statistical properties 3. Cryptographically Secure PRNG (CSPRNG) PRNG with unpredictability: given N output bits s i, s i+1,..., s N 1, it should be hard to predict the next bit s N

18 An Unbreakable Stream Cipher As a stream cipher TRNG: a key stream should be shared between Alice and Bob used in OTP CSPRNG: a key should be shared between Alice and Bob One-Time Pad(OTP) A stream cipher for which 1. the key stream s 0, s 1, s 2... is generated by a TRNG, and 2. the key stream is only known to the legitimate communicating parties, and 3. every key stream bit s i is only used once is called a one-time pad. The one-time pad is unconditionally secure (i.e., cannot be broken even with infinite computational resources). Then what is the main drawback of OTP?

19 PRNG: Linear Feedback Shift Registers (LFSR) Feedback coefficients: p 0,..., p m 1 {0, 1} (degree= m) Initial values: s 0,..., s m 1 {0, 1} Recursive relation: s i+m = ( m 1 j=0 p j s i+j mod 2), i 0 Characteristic polynomial: P(x) = x m + p m 1 x m p 1 x + p 0 Linear Feedback Shift Registers (LFSRs) Very efficient, easy to implement! Concatenated flip-flops (FF), i.e., a shift register together with a feedback path Feedback computes fresh input by XOR of certain state bits Degree m given by number of storage elements Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

20 PRNG: Linear Feedback Shift Registers (LFSR) Linear Feedback Shift Registers (LFSRs): Example with m=3 Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010 Example Maximum output length (of 2 3-1=7) achieved only for certain feedback configurations,.e.g., the one shown here. clk FF 2 FF 1 FF 0 =s i LFSR 1. output With described an initial by recursive stateequation: of (s 2, s 1, s 0 ) = (1, 0, 0), 1 compute 0 1 s i 0for s i + 3 = i = si + 10, +. s. i. mod, What is the period of this LFSR sequence? 3. Can we construct an LFSR with period > 7? As a stream cipher, what is the weakness6of this 0 LFSR?

21 PRNG: Linear Feedback Shift Registers (LFSR) Theorem The maximum sequence length generated by an LFSR of degree m is 2 m 1. Proof. The m internal register bits of an LFSR determine the next bit. Therefore, as soon as an LFSR has a previous state, it starts to repeat. Since the m internal register bits can only take 2 m 1 states, the maximum sequence length before repetition is 2 m 1. Remark For any m > 0, there is a polynomial of degree m over GF(2) called primitive". Each primitive polynomial generates a sequence of the maximum length 2 m 1.

22 Security of LFSR as CPRNG In a known-plaintext attack, an attacker is assumed to know some plaintext and the corresponding ciphertext. This means the attacker knows a certain number of key stream bits. When the initial values are used as a key: vulnerable to a known-plaintext attack (with m key stream bits). When the feedback coefficients are used as a key: vulnerable to a known-plaintext attack (solving a system of linear equations defined by 2m key stream bits).

23 Problems 1. (a) Find every irreducible polynomial of degree 3 over GF(2). (b) Describe the LFSR defined by each irreducible polynomial. (c) With IV = (1, 1, 1), compute the first 10 output bits. 2. With the recurrence s i+3 = s i+1 + s i and a secret IV, it produces (The first bit is the last produced one.) What is the next three output bits? 3. An LFSR of degree 4 with the maximum sequence length produces What is the next four output bits?

24 An Example of CSPRNG: Trivium Trivium uses LFSRs as its building blocks A Modern Stream Cipher - Trivium Three nonlinear LFSRs (NLFSR) of length 93, 84, 111 Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010 XOR-Sum of all three NLFSR outputs generates key stream s i Initialization: Small in Hardware: 1. Load 80-bit IV into A Total register count: Load 80-bit key into B Non-linearity: 3 AND-Gates 3. c 109 = 7 XOR-Gates c 110 = c(4 111 with = three 1 inputs) and all other bits are set to 0 25/27 Chapter 2 of Understanding Cryptography by Christof Paar and Jan Pelzl 4. Clock the cipher 4 x 288 = 1152 times

25 History of DES The National Bureau of Standards (NBS) initiates a request for proposals for a standardized cipher in the US (1972) IBM submits a block cipher designed based on Lucifer that encrypts 64-bit blocks using 128-bit keys (1974) Lucifer is a family of ciphers developed by Horst Feistel in the late 1960s The NBS requests the help of the National Security Agency (NSA) Key length reduced from 128 bit to 56 bit The NBS releases all specs of the modified IBM cipher as the Data Encryption Standards (DES) (1977) Due to its short key length, it is used until 1999, and replaced by Advanced Encryption Standard (AES)

26 Security of DES Exhaustive Key Search Feasible due to short key length (56-bit keys) Can break DES in 6.4 days at a cost of $10,000 (2008) Analytical Attack Differential cryptanalysis(dc) and linear cryptanalysis(lc) We say a block cipher is broken" when an analytical attack is faster than exhaustive key search DES is secure against DC, but if the number of rounds is small... DES is broken by LC, but it is not practical 2 43 plaintext-ciphertext pairs are needed

27 single bit flip Overview of the DES Algorithm many bit flips Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

28 DES Encryption Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

29 DES Encryption Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

30 DES Encryption 16-round Feistel structure 1. Input: L 0 R 0 2. (L i, R i ) = (R i 1, L i 1 f (R i 1, k i )) for i = 1,..., Output: L 16 R 16 Property The Feistel structure is a permutation for any keys k i. Property Encryption and decryption of the Feistel structure (with no swap in the last round) differ only in key schedule.

31 DES Encryption Bitwise Permutations. Inverse operations. Described by tables IP and IP -1. Initial Permutation Final Permutation 14/29 Chapter 3 of Understanding Source: C. Cryptography Paar andby J. Christof Pelzl, Understanding Paar and Jan Pelzl Cryptography, Springer, 2010 Does not increase the security of DES Probably for efficient hardware implementation

32 DES Encryption The f -function Expansion E Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

33 DES Encryption S-box substitution Permutation P Example What is S 1 (100101)? Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

34 DES Key Schedule Algorithm Permuted Choice PC-1 Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

35 DES Key Schedule Algorithm Permuted Choice PC-2 In rounds i = 1, 2, 9, 16: two halves rotated left by one bit The other rounds: two halves rotated left by two bits Note that (C 0, D 0 ) = (C 16, D 16 ) Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

36 DES Decryption Reversed key schedule In rounds i = 2, 9, 16: two halves rotated right by one bit The other rounds: two halves rotated right by two bits With the same round keys in reverse order, the encryption and the decryption functions are the same! Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

37 DES Decryption In rounds i = 1, 2, 9, 16: 1-bit Left Rotation The other rounds: 2-bit No rotation in round 1 In rounds i = 2, 9, 16: 1-bit Right Rotation The other rounds: 2-bit Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

38 History of AES US NIST(National Institute of Standards and Technology) announced 3DES should be used instead of DES (1996) However, 3DES is slow and block size is too small for certain applications (hash functions etc.) NIST called for proposals for a new Advanced Encryption Standard (AES) as an open process (1997) Requirements 128-bit block size 128, 192, 256-bit key supported security relative to other submissions efficiency in software and hardware 15 algorithms collected (1998) 5 finalists announced (1999) Mars(IBM), RC6(RSA), Rijndael(J.Daemen, V.Rijmen), Serpent(R.Anderson, et.al.),twofish(b.schneier et.al.) Rijndael was chosen as the AES (2000)

39 Overview of the AES Algorithm x 128 AES 128/192/256 k y 128 DES ES -1 key lengths # rounds k2 192 k Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

40 AES Round Function Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

41 AES Round Function: Byte Substitution Layer S-box: B i = S(A i ) GF(2 8 ) inverse Affine mapping Ai B'i Bi 1. In GF(2 8 ) (finite field of 2 8 elements), B i = (A i ) 1 GF(2 8 ) = GF(2)[x]/ < x 8 + x 4 + x 3 + x + 1 > x 2. In GF(2) 8 (vector space over GF(2)), 128 b 0 b 1 b 2 b 3 b 4 b 5 b 6 b AES k y = DES DES DES 1 128/192/256 b 0 b 1 b 2 b 3 b 4 b 5 b 6 b

42 AES Round Function: Byte Substitution Layer S-box Table Lookup S(xy) is...(in hexadecimal notation)

43 AES Round Function: Diffusion Layer ShiftRows Sublayer B 0 B 4 B 8 B 12 B 1 B 5 B 9 B 13 B 2 B 6 B 10 B 14 B 3 B 7 B 11 B 15 B 0 B 4 B 8 B 12 B 5 B 9 B 13 B 1 B 10 B 14 B 2 B 6 B 15 B 3 B 7 B 11 no shift 1 pos. 2 pos. 3 pos. MixColumn Sublayer In GF(2 8 ), C 0 C 4 C 8 C 12 C 1 C 5 C 9 C 13 C 2 C 6 C 10 C 14 C 3 C 7 C 11 C 15 = B 0 B 4 B 8 B 12 B 5 B 9 B 13 B 1 B 10 B 14 B 2 B 6 B 15 B 3 B 7 B 11

44 AES Key Schedule Algorithm k RC[i] = x i 1 in GF (2 8 ) Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

45 AES Decryption Source: C. Paar and J. Pelzl, Understanding Cryptography, Springer, 2010

46 AES Decryption Inv MixColumn Sublayer In GF(2 8 ), B 0 B 4 B 8 B 12 B 5 B 9 B 13 B 1 B 10 B 14 B 2 B 6 B 15 B 3 B 7 B 11 = Inv ShiftRows Sublayer B 0 B 4 B 8 B 12 B 5 B 9 B 13 B 1 B 10 B 14 B 2 B 6 B 15 B 3 B 7 B 11 0E 0B 0D E 0B 0D 0D 09 0E 0B 0B 0D 09 0E B 0 B 4 B 8 B 12 B 1 B 5 B 9 B 13 B 2 B 6 B 10 B 14 B 3 B 7 B 11 B 15 C 0 C 4 C 8 C 12 C 1 C 5 C 9 C 13 C 2 C 6 C 10 C 14 C 3 C 7 C 11 C 15 no shift 1 pos. 2 pos. 3 pos. Inv Byte Substitution Layer It is possible to construct an inverse such that A i = S 1 (B i ) It is usually realized as a lookup table

47 AES Design Considerations In a Feistel cipher, half the bits are moved, but not changed during each round. AES treats all bits uniformly, making the effect of diffusing the input bits faster. The S-box was constructed in an explicit and simple algebraic way. The ShiftRow step resist the truncated differential analysis and the Square attack. The MixColumn causes diffusion among the bytes. A change in one input byte results in all four output bytes changing. Changes in two input bytes results in at least three output bytes changing.

48 AES Design Considerations The Key Schedule involves nonlinear mixing of the key bits using the S-box. Even though an attacker knows part of the key, it cannot deduce the remaining bits. It ensures that two distinct keys do not have a large number of round keys in common. The round constants eliminates symmetries in the encryption process by making each round different. Until recently, there have been no known attacks that are better than exhaustive key search up to six rounds. It was felt that four extra rounds provide a large enough security margin of safety.

49 DES vs. AES DES AES Feistel Network SP Network 8 different S-boxes: A single S-box not 1-1 (6-bit to 4-bit) 1-1 (8-bit to 8-bit) Design principle unclear Algebraic structure Encryption=Decryption Encryption Decryption using round keys in reverse order

50 Modes of Operation A block cipher by itself allows encryption only of a single data block of the cipher s block length. In order to encrypt a variable-length message, the data must first be partitioned into separate cipher blocks. Typically, the last block must also be extended to match the cipher s block length using a suitable padding scheme. The method of encrypting each of these blocks is called a mode of operation. A mode of operation generally uses randomization based on an additional input value, often called an initialization vector.

51 Modes of Operation ECB, CBC, OFB, and CFB were specified in FIPS 81, DES Modes of Operation" (1981). NIST added CTR mode in SP800-38A, Recommendation for Block Cipher Modes of Operation" (2001). NIST added XTS-AES in SP800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices" (2010). ECB, CBC, OFB, CFB, CTR, and XTS modes only provide confidentiality. Some modern modes of operation combine encryption and authentication in an efficient way, and are known as authenticated modes of operation.

52 Electronic Codebook Mode (ECB)

53 Electronic Codebook Mode (ECB) Both encryption and decryption algorithms are used Identical plaintext blocks map to identical ciphertext blocks images distinguishable Susceptible to codebook attacks and replay attacks Not recommended

54 Cipher Block Chaining Mode (CBC)

55 Cipher Block Chaining Mode (CBC) Invented by IBM in 1976 Both encryption and decryption algorithms are used An initialization vector is used IV does not need to be secret. However, in most cases, an initialization vector should not be reused under the same key Encryption cannot be parallelized / Decryption can be parallelized A one-bit change to the ciphertext causes complete corruption of the corresponding block of plaintext a one-bit change in the corresponding bit in the following block of plaintext

56 Cipher Feedback Mode (CFB)

57 Cipher Feedback Mode (CFB) Makes a block cipher into an asynchronous stream cipher Only an encryption algorithms is used Suitable for a block cipher for which decryption is slower than encryption An initialization vector is used Encryption cannot be parallelized / Decryption can be parallelized A one-bit change in the ciphertext causes a one-bit change in the corresponding plaintext block complete corruption of the following plaintext block

58 Output Feedback Mode (OFB)

59 Output Feedback Mode (OFB) Makes a block cipher into a synchronous stream cipher Only an encryption algorithms is used An initialization vector is used Encryption and decryption cannot be parallelized However, a keysteam can be computed in advance A one-bit change in the ciphertext causes only a one-bit change in the corresponding plaintext block

60 Counter Mode (CTR)

61 Counter Mode (CTR) Makes a block cipher into a synchronous stream cipher Only an encryption algorithms is used A nonce and a counter are used A counter produces a sequence which is guaranteed not to repeat for a long time Encryption and decryption can be parallelized A one-bit change in the ciphertext causes only a one-bit change in the corresponding plaintext block

62 Cryptanalysis Cryptanalysis Classical Cryptanalysis Implementation Attacks Social Engineering Mathematical Analysis Brute-Force Attacks Classical Analysis: tries to recover the plaintext x(or the key k) from the ciphertext y Mathematical Analysis: exploits the internal structure of the encryption method Exhaustive Key Search: treat the encryption algorithm as a black box and test all possible keys Implementation Attacks: use power consumption, electromagnetic radiation, runtime behavior, etc. Social Engineering Attacks: include bribing, blackmailing, tricking, espionage, etc.

63 Cryptanalysis An attacker looks for the weakest link in your cryptosystem. That means we have to choose strong algorithms and we have to make sure that social engineering and implementation attacks are not practical. Kerckhoffs Principle A cryptosystem should be secure even if the attacker knows all details about the system, with the exception of the secret key. In particular, the system should be secure when the attacker knows the encryption and decryption algorithms. Question Doesn t it improve the security to keep the details of an algorithm hidden? (This is called security by obscurity)

64 Exhaustive Key Search Revisited Exhaustive Key Search Let K = {k 1,..., k N } be the key space. Given t plaintext -ciphertext pairs (x 1, y 1 ),..., (x t, y t ), check for every k i K whether or not DES ki (x j ) = y j for all j = 1,..., t. If the equality holds, a possible correct key is found; if not, proceed with the next key. What if a wrong key k satisfies DES k (x j ) = y j for j = 1,..., t? Theorem Given a block cipher with a key length of κ bits and block size of n bits, as well as t plaintext-ciphertext pairs (x 1, y 1 ),..., (x t, y t ), the expected number of false keys which encrypt all plaintexts to the corresponding ciphertexts is 2 κ tn. Choose t such that 2 κ tn 1.

65 k1 k2 k3 Increasing the Security of DES: Double Encryption 2DES x DES DES y k1 k2 Example What is the size of the key space of 2DES? x DES DES DES y

66 Meet-in-the-middle Attack on 2DES 1. Table Computation: Given a plaintext-ciphertext pair (x 1, y 1 ), encrypt z = DES k (x 1 ) for every k {0, 1} 56. Arrange these values and store them in a list L. 2. Key Matching: Decrypt w = DES 1 k (y 1 ) for every k {0, 1} 56. If for some k, is in the list L, then we have w = DES 1 k (y 1 ) = DES k (x 1 ) Problems DES k DES k (x 1 ) = y What is the expected number of false keys when we use three plaintext-ciphertext pairs (x 1, y 1 ), (x 2, y 2 ), (x 3, y 3 )? 2. What is the number of encryptions, decryptions, and memory locations (of κ + n-bits) with t = 3?

67 DES DES Increasing the Security of DES: Triple Encryption k1 k2 3DES x DES DES DES y k1 k2 k3 Problem Apply the meet-in-the-middle attack to 3DES. What is the number of encryptions, decryptions, and memory locations (of n-bits)?

Chapter 3 Block Ciphers and the Data Encryption Standard

Chapter 3 Block Ciphers and the Data Encryption Standard Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition

More information

Content of this part

Content of this part UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 4 The Advanced Encryption Standard (AES) Israel Koren ECE597/697 Koren Part.4.1

More information

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher

More information

CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms

CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by

More information

Symmetric Encryption. Thierry Sans

Symmetric Encryption. Thierry Sans Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion

More information

3 Symmetric Cryptography

3 Symmetric Cryptography CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption

More information

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a

More information

Network Security Essentials Chapter 2

Network Security Essentials Chapter 2 Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need

More information

CENG 520 Lecture Note III

CENG 520 Lecture Note III CENG 520 Lecture Note III Symmetric Ciphers block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process

More information

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009 Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 29 These slides were prepared by Daehyun Strobel, Christof

More information

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a

More information

Cryptography BITS F463 S.K. Sahay

Cryptography BITS F463 S.K. Sahay Cryptography BITS F463 S.K. Sahay BITS-Pilani, K.K. Birla Goa Campus, Goa S.K. Sahay Cryptography 1 Terminology Cryptography: science of secret writing with the goal of hiding the meaning of a message.

More information

Cryptography III: Symmetric Ciphers

Cryptography III: Symmetric Ciphers Cryptography III: Symmetric Ciphers Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 14th February 2008 Outline Stream ciphers Block ciphers DES and Rijndael Summary

More information

Data Encryption Standard (DES)

Data Encryption Standard (DES) Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:

More information

AIT 682: Network and Systems Security

AIT 682: Network and Systems Security AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?

More information

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of

More information

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some 3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption

More information

Symmetric Encryption Algorithms

Symmetric Encryption Algorithms Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm

More information

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17

More information

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney.

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney. PRNGs & DES Luke Anderson luke@lukeanderson.com.au 16 th March 2018 University Of Sydney Overview 1. Pseudo Random Number Generators 1.1 Sources of Entropy 1.2 Desirable PRNG Properties 1.3 Real PRNGs

More information

Winter 2011 Josh Benaloh Brian LaMacchia

Winter 2011 Josh Benaloh Brian LaMacchia Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash

More information

P2_L6 Symmetric Encryption Page 1

P2_L6 Symmetric Encryption Page 1 P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,

More information

Lecture 1 Applied Cryptography (Part 1)

Lecture 1 Applied Cryptography (Part 1) Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication

More information

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space Perfect Cipher Introduction to Cryptography Lecture 2 Benny Pinkas What type of security would we like to achieve? Given C, the adversary has no idea what M is Impossible since adversary might have a-priori

More information

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel (a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two

More information

Content of this part

Content of this part UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this

More information

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50 Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested

More information

Symmetric Cryptography. Chapter 6

Symmetric Cryptography. Chapter 6 Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream

More information

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING ENEE 457 Computer Systems Security Instructor: Charalampos Papamanthou Homework 2 Out: 09/23/16 Due: 09/30/16 11:59pm Instructions

More information

Lecture 2: Secret Key Cryptography

Lecture 2: Secret Key Cryptography T-79.159 Cryptography and Data Security Lecture 2: Secret Key Cryptography Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi 1 Reminder: Communication Model Adversary Eve Cipher, Encryption

More information

CIS 4360 Secure Computer Systems Symmetric Cryptography

CIS 4360 Secure Computer Systems Symmetric Cryptography CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

More information

Computer Security 3/23/18

Computer Security 3/23/18 s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks

More information

Private-Key Encryption

Private-Key Encryption Private-Key Encryption Ali El Kaafarani Mathematical Institute Oxford University 1 of 50 Outline 1 Block Ciphers 2 The Data Encryption Standard (DES) 3 The Advanced Encryption Standard (AES) 4 Attacks

More information

Information Security CS526

Information Security CS526 Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for

More information

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS

More information

Stream Ciphers An Overview

Stream Ciphers An Overview Stream Ciphers An Overview Palash Sarkar Indian Statistical Institute, Kolkata email: palash@isicalacin stream cipher overview, Palash Sarkar p1/51 Classical Encryption Adversary message ciphertext ciphertext

More information

Network Security Essentials

Network Security Essentials Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science

More information

Modern Symmetric Block cipher

Modern Symmetric Block cipher Modern Symmetric Block cipher 81 Shannon's Guide to Good Ciphers Amount of secrecy should determine amount of labour appropriate for encryption and decryption The set of keys and enciphering algorithm

More information

Stream Ciphers and Block Ciphers

Stream Ciphers and Block Ciphers Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.

More information

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES

More information

7. Symmetric encryption. symmetric cryptography 1

7. Symmetric encryption. symmetric cryptography 1 CIS 5371 Cryptography 7. Symmetric encryption symmetric cryptography 1 Cryptographic systems Cryptosystem: t (MCKK GED) (M,C,K,K,G,E,D) M, plaintext message space C, ciphertext message space K, K, encryption

More information

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption

More information

Symmetric key cryptography

Symmetric key cryptography The best system is to use a simple, well understood algorithm which relies on the security of a key rather than the algorithm itself. This means if anybody steals a key, you could just roll another and

More information

Block Ciphers. Advanced Encryption Standard (AES)

Block Ciphers. Advanced Encryption Standard (AES) Network Security - ISA 656 Angelos Stavrou September 28, 2008 Codes vs. K = {0, 1} l P = {0, 1} m C = {0, 1} n, C C E : P K C D : C K P p P, k K : D(E(p, k), k) = p It is infeasible to find F : P C K Let

More information

Practical Aspects of Modern Cryptography

Practical Aspects of Modern Cryptography Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private

More information

Cryptography 2017 Lecture 3

Cryptography 2017 Lecture 3 Cryptography 2017 Lecture 3 Block Ciphers - AES, DES Modes of Operation - ECB, CBC, CTR November 7, 2017 1 / 1 What have seen? What are we discussing today? What is coming later? Lecture 2 One Time Pad

More information

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography Block Ciphers and Data Encryption Standard CSS 322 - Security and Cryptography Contents Block Cipher Principles Feistel Structure for Block Ciphers DES Simplified DES Real DES DES Design Issues CSS 322

More information

Cryptography MIS

Cryptography MIS Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message

More information

Stream Ciphers and Block Ciphers

Stream Ciphers and Block Ciphers Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.

More information

CSCE 813 Internet Security Symmetric Cryptography

CSCE 813 Internet Security Symmetric Cryptography CSCE 813 Internet Security Symmetric Cryptography Professor Lisa Luo Fall 2017 Previous Class Essential Internet Security Requirements Confidentiality Integrity Authenticity Availability Accountability

More information

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and

More information

Week 5: Advanced Encryption Standard. Click

Week 5: Advanced Encryption Standard. Click Week 5: Advanced Encryption Standard Click http://www.nist.gov/aes 1 History of AES Calendar 1997 : Call For AES Candidate Algorithms by NIST 128-bit Block cipher 128/192/256-bit keys Worldwide-royalty

More information

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis

More information

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Lecture 6 Michael J. Fischer Department of Computer Science Yale University January 27, 2010 Michael J. Fischer CPSC 467b, Lecture 6 1/36 1 Using block ciphers

More information

CSC574: Computer & Network Security

CSC574: Computer & Network Security CSC574: Computer & Network Security Lecture 3 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Modern Cryptography 2 Kerckhoffs Principles Modern cryptosystems

More information

Secret Key Cryptography

Secret Key Cryptography Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would

More information

Conventional Encryption: Modern Technologies

Conventional Encryption: Modern Technologies Conventional Encryption: Modern Technologies We mentioned that the statistical weakness in substitution ciphers is that they don t change the frequency of alphabetic letters. For example, if a substitution

More information

Crypto: Symmetric-Key Cryptography

Crypto: Symmetric-Key Cryptography Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three

More information

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES PREPARED BY R.CYNTHIA PRIYADHARSHINI AP/IT/SREC Block Ciphers A block cipher is an encryption/decryption scheme in which a block of plaintext is treated

More information

Double-DES, Triple-DES & Modes of Operation

Double-DES, Triple-DES & Modes of Operation Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES

More information

ECE 646 Lecture 8. Modes of operation of block ciphers

ECE 646 Lecture 8. Modes of operation of block ciphers ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.

More information

Network Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar

Network Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Network Security Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Modern Block Ciphers now look at modern block ciphers one of the most widely used types

More information

Chapter 6: Contemporary Symmetric Ciphers

Chapter 6: Contemporary Symmetric Ciphers CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?

More information

Fundamentals of Cryptography

Fundamentals of Cryptography Fundamentals of Cryptography Topics in Quantum-Safe Cryptography June 23, 2016 Part III Data Encryption Standard The Feistel network design m m 0 m 1 f k 1 1 m m 1 2 f k 2 2 DES uses a Feistel network

More information

CSE 127: Computer Security Cryptography. Kirill Levchenko

CSE 127: Computer Security Cryptography. Kirill Levchenko CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security CRYPTOGRAPHY AND NETWORK SECURITY PRAKASH C. GUPTA Former Head Department of Information Technology Maharashtra Institute of Technology Pune Delhi-110092 2015 CRYPTOGRAPHY

More information

Modern Block Ciphers

Modern Block Ciphers Modern Block Ciphers now look at modern block ciphers one of the most widely used types of cryptographic algorithms provide secrecy /authentication services focus on DES (Data Encryption Standard) to illustrate

More information

Cryptography III: Symmetric Ciphers

Cryptography III: Symmetric Ciphers Cryptography III: Symmetric Ciphers Computer Security Lecture 4 David Aspinall School of Informatics University of Edinburgh 26th January 2012 Outline Stream ciphers Block ciphers DES and Rijndael Summary

More information

ASSIGNMENT 5 TIPS AND TRICKS

ASSIGNMENT 5 TIPS AND TRICKS ASSIGNMENT 5 TIPS AND TRICKS linear-feedback shift registers Java implementation a simple encryption scheme http://princeton.edu/~cos26 Last updated on /26/7 : PM Goals OOP: implement a data type; write

More information

CSC 474/574 Information Systems Security

CSC 474/574 Information Systems Security CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message

More information

Goals of Modern Cryptography

Goals of Modern Cryptography Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary

More information

Computer Security CS 526

Computer Security CS 526 Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability

More information

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa ICT 6541 Applied Cryptography Hossen Asiful Mustafa Encryption & Decryption Key (K) Plaintext (P) Encrypt (E) Ciphertext (C) C = E K (P) Same Key (K) Ciphertext (C) Decrypt (D) Plaintext (P) P = D K (C)

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 6 January 25, 2012 CPSC 467b, Lecture 6 1/46 Byte padding Chaining modes Stream ciphers Symmetric cryptosystem families Stream ciphers

More information

Secret Key Cryptography Overview

Secret Key Cryptography Overview Secret Key Cryptography Overview Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc01_07/ Block ciphers

More information

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017 COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously on COS 433 Pseudorandom Permutations unctions that look like random permutations Syntax: Key space K (usually {0,1}

More information

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018 Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.

More information

Lecture 4: Symmetric Key Encryption

Lecture 4: Symmetric Key Encryption Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by

More information

Symmetric Cryptography

Symmetric Cryptography CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...

More information

EEC-484/584 Computer Networks

EEC-484/584 Computer Networks EEC-484/584 Computer Networks Lecture 23 wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Introduction to

More information

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,

More information

Computer and Data Security. Lecture 3 Block cipher and DES

Computer and Data Security. Lecture 3 Block cipher and DES Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach

More information

Cryptographic Algorithms - AES

Cryptographic Algorithms - AES Areas for Discussion Cryptographic Algorithms - AES CNPA - Network Security Joseph Spring Department of Computer Science Advanced Encryption Standard 1 Motivation Contenders Finalists AES Design Feistel

More information

Lecture 3: Symmetric Key Encryption

Lecture 3: Symmetric Key Encryption Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07

More information

Cryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles

Cryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working

More information

Symmetric Key Cryptography

Symmetric Key Cryptography Symmetric Key Cryptography Michael Huth M.Huth@doc.ic.ac.uk www.doc.ic.ac.uk/~mrh/430/ Symmetric Key Cryptography (3.1) Introduction Also known as SECRET KEY, SINGLE KEY, PRIVATE KEY Sender and Receiver

More information

1 Achieving IND-CPA security

1 Achieving IND-CPA security ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces

More information

Part XII. From theory to practice in cryptography

Part XII. From theory to practice in cryptography Part XII From theory to practice in cryptography FROM CRYPTO-THEORY to CRYPTO-PRACTICE FROM CRYPTO-THEORY to CRYPTO-PRACTICE In this chapter we deal with several applied cryptography methods, systems and

More information

Lecture 2: Shared-Key Cryptography

Lecture 2: Shared-Key Cryptography Graduate Course on Computer Security Lecture 2: Cryptography Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, Inc @ NRL Washington DC http://www.cs.stanford.edu/~iliano/ DIMI, Universita di Udine,

More information

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015 L3. An Introduction to Block Ciphers Rocky K. C. Chang, 29 January 2015 Outline Product and iterated ciphers A simple substitution-permutation network DES and AES Modes of operations Cipher block chaining

More information

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline CSC/ECE 574 Computer and Network Security Topic 2. Introduction to Cryptography 1 Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions

More information

Cryptography Functions

Cryptography Functions Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)

More information

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu Introduction to Cryptographic Systems Asst. Prof. Mihai Chiroiu Vocabulary In cryptography, cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Decryption

More information

Applied Cryptography Data Encryption Standard

Applied Cryptography Data Encryption Standard Applied Cryptography Data Encryption Standard Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 History DES has a checkered history. The book provided fascinating reading

More information

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P)) CHAPTER 6. SYMMETRIC CIPHERS Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption

More information

Block Cipher Operation. CS 6313 Fall ASU

Block Cipher Operation. CS 6313 Fall ASU Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES

More information

This chapter gives an introduction to stream ciphers:

This chapter gives an introduction to stream ciphers: Chapter 2 Stream Ciphers If we look at the types of cryptographic algorithms that exist in a little bit more detail, we see that the symmetric ciphers can be divided into stream ciphers and block ciphers,

More information

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions

More information

New Kid on the Block Practical Construction of Block Ciphers. Table of contents

New Kid on the Block Practical Construction of Block Ciphers. Table of contents New Kid on the Block Practical Construction of Block Ciphers Foundations of Cryptography Computer Science Department Wellesley College Fall 2016 Table of contents Introduction Substitution-permutation

More information