ECE 646 Lecture 7. Data Encryption Standard DES. Secret-Key Ciphers. Secret agreement between IBM & NSA, 1974
|
|
- Kenneth Terry
- 6 years ago
- Views:
Transcription
1 C 646 Lecture 7 Secret-Key Ciphers Data Standard DS NBS public request for a standard cryptographic algorithm May 15, 1973, August 27, 1974 The algorithm must be: secure public - completely specified - easy to understand - available to all users economic and efficient in hardware able to be validated exportable Secret agreement between IBM & NSA, 1974 Obligations of IBM: Algorithm developed in secret by IBM NSA reserved a right to monitor the development and propose changes No software implementations, just hardware chips IBM not allowed to ship implementations to certain countries License required to ship to carefully selected customers in approved countries Obligations of NSA: seal of approval 1
2 DS - chronicle of events NBS issues a public request for proposals for a standard cryptographic algorithm first publication of the IBM s algorithm and request for comments NBS organizes two workshops to evaluate the algorithm official publication as FIPS PUB 46: Data Standard 1983, 1987, recertification of the algorithm for another five years software implementations allowed to be validated Controversies surrounding DS Unknown design criteria Most criteria reconstructed from cipher analysis 1990 Reinvention of differential cryptanalysis Slow in software Only hardware implementations certified 1993 Software, firmware and hardware treated equally Too short key Theoretical designs of DS breaking machines 1998 Practical DS cracker built Life of DS DS - external look American standards Other popular algorithms DS 56 bit key IDA RC5 AS 2002 contest Blowfish Serpent Twofish RC6 Triple DS 112, 168 bit 168 bit only AS - Rijndael 128, 192, and 256 bit keys plaintext block 64 bits DS 56 bits ciphertext block 64 bits key CAST Mars 2
3 Round Key[0] Typical Flow Diagram of a Secret-Key Block Cipher Initial transformation i:=1 DS high-level internal structure Round Key[i] Cipher Round i<#rounds? i:=i+1 #rounds times Round Key[#rounds+1] Final transformation Classical Feistel Network plaintext = L 0 R 0 for i=1 to n { L i =R i-1 R i =L i-1 Å f(r i-1, K i ) } L n+1 = R n R n+1 = L n ciphertext = L n+1 R n+1 IP L 0 R 0 f L 1 R 1 f L 2 R 2 L 15 R 15 f K 1 K 2 K 16 DS Main Loop Feistel Structure L n+1 =R n R n+1 =L n Å f(r n, K n+1 ) R 16 L 16 IP -1 3
4 Feistel Structure IP -1 Decryption IP Decryption L 0 R 0 f K 1 R 16 L 16 f K 16 L n R n L n R n f K n+1 f K n+1 L 1 f R 1 K 2 R 15 f L 15 K 15 L n+1 R n+1 L n+1 R n+1 L 2 R 2 R 14 L 14 L n+1, R n+1?? L 15 R 15 f K 16 R 1 L 1 f K 1 f K n+1 R 16 L 16 L 0 R 0 L n, R n?? IP IP -1 Mangler Function of DS, F 4
5 Notation for Permutations Input i 1 i 2 i 3 i 4 i 5 i 6 i 7 i 8 i 9 i 10 i 56 i 57 i 58 i 59 i 60 i 61 i 62 i 63 i i 58 i 50 i 42 i 34 i 26 i 18 i 10 i 2 i 5 i 63 i 55 i 47 i 39 i 31 i 23 i 15 i 7 Output Notation for S-boxes Input i 1 i 2 i 3 i 4 i 5 i 6 i 1 i 6 determines a row number in the S-box table, 0..3 i 2 i 3 i 4 i 5 determine a column in the S-box table, o 1 o 2 o 3 o 4 is a binary representation of a number from in the given row and the given column o 1 o 2 o 3 o 4 Output 5
6 1. Randomness General design criteria of DS 2. Avalanche property changing a single bit at the input changes on average half of the bits at the output 3. Completeness property every output bit is a complex function of all input bits (and not just a subset of input bits) 4. Nonlinearity encryption function is non-affine for any value of the key 5. Correlation immunity output bits are statistically independent of any subset of input bits Completeness property very output bit is a complex function of all input bits (and not just a subset of input bits) Formal requirement: For all values of i and j, i=1..64, j=1..64 there exist inputs X 1 and X 2, such that X 1 x 1 x 2 x 3 x i-1 0 x i+1 x 63 x 64 X 2 x 1 x 2 x 3 x i-1 1 x i+1 x 63 x 64 Y 1 = DS(X 1 ) y 1 y 2 y 3 y j-1 y j y j+1 y 63 y 64 Y 2 = DS(X 2 ) y 1 y 2 y 3 y j-1 y j y j+1 y 63 y 64 Linear Transformations Transformations that fulfill the condition: T(X [m x 1] ) = Y [n x 1] = A [n x m] X [m x 1] or T(X 1 Å X 2 ) = T(X 1 ) Å T(X 2 ) Affine Transformations Transformations that fulfill the condition: T(X [m x 1] ) = Y [n x 1] = A [n x m] X [m x 1] Å B [n x 1] 6
7 Linear Transformations of DS IP, IP -1,, PC1, PC2, SHIFT e.g., IP(X 1 Å X 2 ) = IP(X 1 ) Å IP( X 2 ) S Design of S-boxes S[0..15] Non-Linear and non-affine transformations of DS in out = S[in] There are no such matrices A [4x6] and B [4x1] that S S(X [6x1] ) = A [4x6] X [6x1] Å B [4x1] 16!» possibilities precisely defined initially unpublished criteria resistant against differential cryptanalysis (attack known to the designers and rediscovered in the open research in 1990 by. Biham and A. Shamir) Project: Method: Theoretical design of the specialized machine to break DS Basic component: Michael Wiener, ntrust Technologies, 1993, 1997 exhaustive key search attack specialized integrated circuit in CMOS technology, 75 MHz Checks: 200 mln keys per second Costs: $10 Total cost $ 1 mln $ stimated time 35 minutes 6 hours plaintext DS breaking machine known ciphertext key counter Round key Round 1 key 1 Key Scheduling Round 1 Round 2. Round 16 comparator Round key 2 Round key 16 known plaintext Key Scheduling Round 2. Key Scheduling Round 16 7
8 Deep Crack lectronic Frontier Foundation, 1998 Total cost: $220,000 Average time of search: 4.5 days/key Deep Crack Parameters Number of ASIC chips 1800 Clock frequency 40 MHz Number of clock cycles per key ASIC chips, 40 MHz clock Number of search units per ASIC Search speed Average time to recover the key bln keys/s 4.5 days COPACOBANA Cost-Optimized Parallel COde Breaker Ruhr University, Bochum, University of Kiel, Germany, 2006 Cost: 8980 (ver. 1) COPACOBANA Based on Xilinx FPGAs (Field Programmable Gate Arrays) ver. 1 based on 120 Spartan 3 FPGAs ver. 2 based on 128 Virtex 4 SX 35 FPGAs Description, FAQ, and news available at For ver. 1 based on Spartan FPGAs Clock frequency = 136 MHz Average search time for a single DS key = 6.4 days Worst case search time for a single DS key = 12.8 days 8
9 Secure key length today and in 20 years (against an intelligence agency with the budget of $300M) key length 93 bits 128 bits IDA, minimum key length in AS 112 bits Triple DS with three different keys 99 bits Secure key length in bits Skipjack 56 bits DS Secure key length in 2017 Secure key length - discussion increasing key length in a newly developed cipher costs NOTHING increasing effective key length, assuming the use of an existing cipher has a limited influence on the efficiency of implementation (Triple DS) It is economical to use TH SAM secure key length FOR ALL aplications The primary barriers blocking the use of symmetric ciphers with a secure key length have been of the political nature (e.g., export policy of USA) 9
10 Triple DS D mode with two keys encryption plaintext ciphertext Diffie, Hellman, 1977 Triple DS D mode with three keys encryption plaintext ciphertext Diffie, Hellman, 1977 encryption 56 K1 D 56 K1 encryption 56 K1 D 56 K1 D 56 K2 encryption 56 K2 D 56 K2 encryption 56 K2 encryption 56 K1 D 56 K1 encryption 56 K3 D 56 K3 ciphertext plaintext ciphertext plaintext Best Attacks Against Triple DS Version with three keys (168 bits of key) Meet-in-the-middle attack 2 32 known plaintexts steps 2 90 single DS encryptions, and 2 88 memory ffective key size = Version with two keys (112 bits of key) Advantages: Triple DS secure key length (112 or 168 bits) increased compared to DS resistance to linear and differential cryptanalysis possibility of utilizing existing implementations of DS Disadvantages: relatively slow, especially in software ffective key size =
11 Why a new standard? 1. Old standard insecure against brute-force attacks Advanced Standard AS 2. Straightforward fixes lead to inefficient implementations K1 K2 K3 Triple DS 3. New trends in fast software encryption use of basic instructions of the microprocessor 4. New ways of assessing cipher strength in differential cryptanalysis linear cryptanalysis out Why a contest? Focus the effort of cryptographic community Small number of specialists in the open research xternal format of the AS algorithm plaintext block 128 bits Stimulate the research on methods of constructing secure ciphers Avoid backdoor theories AS key 128, 192, 256 bits Speed-up the acceptance of the standard 128 bits ciphertext block 11
12 ach team submits Detailed cipher description Source code in C Rules of the contest Justification of design decisions Source code in Java Tentative results of cryptanalysis Test vectors June 1998 AS Contest ffort 15 Candidates from USA, Canada, Belgium, France, Germany, Norway, UK, Isreal, Korea, Japan, Australia, Costa Rica August final candidates Mars, RC6, Rijndael, Serpent, Twofish October winner: Rijndael Belgium Round 1 Security Software efficiency Round 2 Security Hardware efficiency AS contest - First Round 15 June 1998 Deadline for submitting candidates 21 submissions, 15 fulfilled all requirements August 1998 March 1999 August st AS Conference in Ventura, CA Presentation of candidates 2nd AS Conference in w Rome, Italy Review of results of the First Round analysis NIST announces five final candidates AS: Candidate algorithms North America (8) urope (4) Asia (2) Canada: CAST-256 Deal USA: Mars RC6 Twofish Safer+ HPC Costa Rica: Frog Germany: Magenta Belgium: Rijndael France: DFC Israel, UK, Norway: Serpent Korea: Crypton Japan: 2 Australia (1) Australia: LOKI97 12
13 AS Finalists (1) USA Mars - IBM C. Burwick, D. Coppersmith,. D Avignon, R. Gennaro, S. Halevi, C. Jutla, S. M. Matyas, L. O Connor, M. Peyravian, D. Safford, N. Zunic RC6 - RSA Data Security, Inc. R. Rivest - MIT M. Robshaw, R. Sidney, Y. L. Yin - RSA Twofish - Counterpane Systems B. Schneier, J. Kelsey, C. Hall, N. Ferguson - Counterpane, D.Whiting - Hi/fn, D. Wagner - Berkeley urope AS Finalists (2) Rijndael - J. Daemen, V. Rijmen Katholieke Universiteit Leuven Belgium Serpent - R. Anderson, Cambridge, ngland. Biham - Technion, Israel L. Knudsen, University of Bergen, Norway How NIST has made a final decision? BASIC CRITRIA = security software efficiency hardware efficiency flexibility Security 13
14 Security: Theoretical attacks better than exhaustive key search Security: Theoretical attacks better than exhaustive key search Serpent Serpent 28% 72% Twofish Twofish 38% 62% Mars without 16 mixing rounds Mars 69% 31% Rijndael Rijndael 70% 30% RC RC6 75% 25% # of rounds in the attack/total # of rounds # of rounds in the attack/total # of rounds 100% NIST Report: Security Security Margin High Adequate Serpent Rijndael RC6 MARS Twofish fficiency - What s more important: software or hardware? Simple Complex Complexity 14
15 Software or hardware? SOFTWAR low cost flexibility (new cryptoalgorithms, protection against new attacks) security of data during transmission HARDWAR speed random key generation access control to keys tamper resistance (viruses, internal attacks) fficiency indicators Primary efficiency indicators fficiency parameters Software Hardware Latency Throughput = Speed M i+2 M i M i+1 Speed Memory Speed Area Power consumption / C i Time to encrypt/decrypt a single block of data M i / Number of bits C i+2 encrypted/decrypted C i+1 in a unit of time C i Throughput = Block_size Number_of_blocks_processed_simultaneously Latency 15
16 fficiency in software fficiency in software: Code submitted by authors 200 MHz Pentium Pro, Borland C++ Speed [Mbits/s] 128-bit key 192-bit key bit key Rijndael RC6 Twofish Mars Serpent NIST Report: Software fficiency and Decryption Speed 32-bit processors 64-bit processors DSPs NIST Report: Software fficiency and speed in software on smart cards 8-bit processors 32-bit processors high medium RC6 Rijndael Mars Twofish Rijndael Twofish Mars RC6 Rijndael Twofish Mars RC6 high medium Rijndael RC6 Mars Twofish Rijndael RC6 Mars low Serpent Serpent Serpent low Serpent Twofish Serpent 16
17 fficiency in software Strong dependence on: 1. Instruction set architecture (e.g., variable rotations) 2. Programming language (assembler, C, Java) 3. Compiler fficiency in hardware 4. Programming style Primary ways of implementing cryptography in hardware ASIC Application Specific Integrated Circuit designs must be sent for expensive and time consuming fabrication in semiconductor foundry designed all the way from behavioral description to physical layout FPGA Field Programmable Gate Array bought off the shelf and reconfigured by designers themselves no physical layout design; design ends with a bitstream used to configure a device ASICs High performance Low power Low cost (but only in high volumes) Which way to go? FPGAs Off-the-shelf Low development costs Short time to the market Reconfigurability 17
18 fficiency in hardware: FPGA Virtex 1000: Speed Throughput [Mbit/s] Serpent I George Mason University University of Southern California Worcester Polytechnic Institute 149 Rijndael Twofish Serpent RC6 Mars I ASIC implementations: NSA group bit key scheduling 3-in-1 (128, 192, 256 bit) key scheduling Rijndael Serpent Twofish RC6 Mars I1 Speed NIST Report + GMU Report: Hardware fficiency GMU FPGA Results Selecting the Winner Straw AS 3 conference High Rijndael Serpent Medium Twofish RC6 Low Small MARS Medium Large Area Rijndael second best in FPGAs, selected as a winner due to much better performance in software 72 18
19 Input, internal state, and output 128 bits = 16 bytes Order of bytes within input, internal state, and output arrays a 0,0 a 1,0 a 2,0 a 3,0 a 0,1 a 1,1 a 2,1 a 3,1 a 0,2 a 1,2 a 2,2 a 3,2 a 0,3 a 1,3 a 2,3 a 3,3 column 0 column 1 column 2 column 3 a 0,0 a 0,1 a 0,2 a 0,3 a 1,0 a 1,1 a 1,2 a 1,3 a 2,0 a 2,1 a 2,2 a 2,3 a 3,0 a 3,1 a 3,2 a 3,3 SubBytes S-box: substitution values for the byte xy (in hexadecimal notation) S-box a 0,0 a 0,1 a 0,2 a 0,3 a 1,0 a 1,1 a 1,2 a 1,3 i,j a 2,0 a 2,1 a 2,2 a 2,3 a 3,0 a 3,1 a 3,2 a 3,3 b 0,0 b 0,1 b 0,2 b 0,3 b 1,0 b 1,1 ba 1,2 b 1,3 i,j b 2,0 b 2,1 b 2,2 b 2,3 b 3,0 b 3,1 b 3,2 b 3,3 Bytes are transformed by applying an invertible S-box One single S-box for the complete cipher 19
20 ShiftRows MixColumns a b c d e f g h i j k l m n o p no shift cyclic shift left by C1=1 cyclic shift left by C2=2 cyclic shift left by C3=3 a b c d f g h e k l i j p m n o a 0,0 a 0,1 a 0,20,j a 0,3 a 1,0 a 1,1 a 1,2 a 1,3 1,j a 2,0 a 2,1 2,2 a a 2,3 a 3,0 a 3,1 a 2,j 3,2 a 3,3 a 3,j b 0,0 b 0,1 ba 0,j 0,2 b 0,3 b 1,0 b 1,1 a 1,2 b b 1,3 1,j b 2,0 b 2,1 a 2,2 b 2,3 b b 3,0 b 3,1 a 2,j 3,2 b 3,3 b 3,j High diffusion A difference in 1 input byte propagates to all 4 output bytes A difference in 2 input bytes propagates to at least 3 output bytes Any linear relation between input and output bits involves bits from at least 5 different bytes (branch number = 5) AddRoundKey a 0,0 a 0,1 a 0,2 a 0,3 a 1,0 a 1,1 a 1,2 a 1,3 a 2,0 a 2,1 a 2,2 a 2,3 a 3,0 a 3,1 a 3,2 a 3,3 + k 0,0 k 0,1 k 0,2 k 0,3 k 1,0 k 1,1 k 1,2 k 1,3 k 2,0 k 2,1 k 2,2 k 2,3 k 3,0 k 3,1 k 3,2 k 3,3 = b 0,0 b 0,1 b 0,2 b 0,3 b 1,0 b 1,1 b 1,2 b 1,3 b 2,0 b 2,1 b 2,2 b 2,3 b 3,0 b 3,1 b 3,2 b 3,3 simple bitwise addition (xor) of round keys Block length 128 bits Nb=4 192 bits Nb=6 256 bits Nb=8 Number of rounds 128 bits Nk=4 Key length 192 bits Nk=6 256 bits Nk= required by the standard non-standard extensions 20
21 Pseudocode for AS encryption Modes of Operation of Block Ciphers Block vs. stream ciphers Typical stream cipher K M 1, M 2,, M n Block cipher K m 1, m 2,, m n Internal state - IS Stream cipher Sender key initialization vector (seed) Pseudorandom Key Generator Receiver key initialization vector (seed) Pseudorandom Key Generator C 1, C 2,, C n c 1, c 2,, c n k i keystream k i keystream C i =f K (M i ) c i = f K (m i, IS i ) IS i+1 =g K (m i, IS i ) very block of ciphertext is a function of only one corresponding block of plaintext very block of ciphertext is a function of the current block of plaintext and the current internal state of the cipher m i plaintext c i ciphertext c i ciphertext m i plaintext 21
22 Standard modes of operation of block ciphers Block ciphers CB mode Stream ciphers Counter mode OFB mode CFB mode CBC mode CB (lectronic CodeBook) mode lectronic CodeBook Mode CB lectronic CodeBook Mode CB Decryption M 1 M 2 M 3 M N-1 M N C 1 C 2 C 3 C N-1 C N K K K K K K K K K K D D D D D C 1 C 2 C 3 C N-1 C N M 1 M 2 M 3 M N-1 M N C i = K (M i ) for i=1..n M i = K (C i ) for i=1..n 22
23 Criteria for Comparison of Modes of Operation hiding repeating message blocks speed capability for parallel processing and pipelining during encryption / use of block cipher operations (encryption only or both) capability for preprocessing during encryption / capability for random access for the purpose of reading / writing number of plaintext and ciphertext blocks required for exhaustive key search error propagation in the message after modifying / deleting one block / byte / bit of the corresponding ciphertext Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining Cipher operations Preprocessing Random access Block Cipher Modes of Operation Basic Features (1) CB CTR OFB CFB CBC No s CB and and No R/W Block Cipher Modes of Operation Basic Features (2) CB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed 1 plaintext block, 1 ciphertext block rror propagation in the decrypted message Counter Mode Modification of j-bits Deletion of j bits Integrity L bits Current and all subsequent No 23
24 Counter Mode - CTR N-2 +N-1 K K K K K k 1 k 2 k 3 k N-1 k N Counter Mode - CTR Decryption N-2 +N-1 K K K K K k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c 1 c 2 c 3 c N-1 c N c i = m i Å k i k i = K (+i-1) for i=1..n m 1 m 2 m 3 m N-1 m N m i = c i Å k i k i = K (+i-1) for i=1..n K counter IN OUT 1 L m i c i Counter Mode - CTR c i K counter 1 L 1 L IS 1 = c i = K (IS i ) Å m i IS i+1 = IS i +1 IN OUT 1 L m i m 1 m 2 m 3 J-bit Counter Mode - CTR N-2 +N-1 K K K K K j k 1 k 2 k 3 k N-1 k N j j j j j j j j j m N-1 m N j j j j j c 1 c 2 c 3 c N-1 c N c i = m i Å k i k i = (+i-1)[1..j] for i=1..n 24
25 K J-bit Counter Mode - CTR counter counter 1 L 1 L IN IN K OUT OUT j bits L-j bits j bits L-j bits 1 j L 1 j L c i c i m i m i Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining Cipher operations Preprocessing Random access Block Cipher Modes of Operation Basic Features (1) CB CTR OFB CFB CBC No s CB and and No R/W Yes»j/L s CB and only Yes R/W Block Cipher Modes of Operation Basic Features (2) CB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed 1 plaintext block, 1 ciphertext block 1 plaintext block, 1 ciphertext block rror propagation in the decrypted message OFB (Output FeedBack) Mode Modification of j-bits Deletion of j bits Integrity L bits No j bits Current and Current and all subsequent all subsequent No 25
26 Output Feedback Mode - OFB Output Feedback Mode - OFB Decryption k 1 k 2 k 3 k N-1 k N k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c 1 c 2 c 3 c N-1 c N m 1 m 2 m 3 m N-1 m N c i = m i Å k i k i = K (k i-1 ) for i=1..n, and k 0 = m i = c i Å k i k i = K (k i-1 ) for i=1..n, and k 0 = Output Feedback Mode - OFB J-bit Output Feedback Mode - OFB shift shift 1 L 1 L L-j bits j bits L-j bits j bits 1 L-j L 1 L-j L K IN OUT 1 L IS 1 = c i = K (IS i ) Å m i IS i+1 = K (IS i ) K IN OUT 1 L K IN OUT j bits L-j bits 1 j L K IN OUT j bits L-j bits 1 j L c i c i c i c i m i m i m i m i 26
27 Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining Cipher operations Preprocessing Random access Block Cipher Modes of Operation Basic Features (1) CB CTR OFB CFB CBC No Yes Yes s CB and and»j/l s CB and only»j/l s CB None only No Yes Yes R/W R/W No Block Cipher Modes of Operation Basic Features (2) CB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed rror propagation in the decrypted message Modification of j-bits Deletion of j bits Integrity 1 plaintext block, 1 ciphertext block 1 plaintext block, 1 ciphertext block 2 plaintext blocks, 2 ciphertext blocks (for j=l) L bits j bits j bits Current and Current and all subsequent all subsequent Current and all subsequent No No No Cipher Feedback Mode - CFB CFB (Cipher FeedBack) Mode k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c i = m i Å k i k i = K (c i-1 ) for i=1..n, and c 0 = 27
28 Cipher Feedback Mode - CFB Decryption k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N K Cipher Feedback Mode - CFB IN 1 L 1 L OUT 1 L IS 1 = c i = K (IS i ) Å m i IS i+1 = c i K IN OUT 1 L c 1 c 2 c 3 c N-1 c N c i c i m i = c i Å k i k i = K (c i-1 ) for i=1..n, and c 0 = m i m i K shift j bits J-bit Cipher Feedback Mode - CFB IN OUT L-j bits 1 j L m i c i c i K shift L-j bits j bits L-j bits j bits 1 L-j L 1 L-j L j bits IN OUT L-j bits 1 j L m i Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining Cipher operations Preprocessing Random access Block Cipher Modes of Operation Basic Features (1) CB CTR OFB CFB CBC No Yes Yes Yes s CB»j/L s CB»j/L s CB»j/L s CB and and and only None only Decryption only only No Yes Yes No R/W R/W No R only 28
29 Block Cipher Modes of Operation Basic Features (2) CB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed 1 plaintext block, 1 ciphertext block 1 plaintext block, 1 ciphertext block rror propagation in the decrypted message 2 plaintext blocks, 2 ciphertext blocks (for j=l) 1 plaintext block, 2 ciphertext blocks (for j=l) CBC (Cipher Block Chaining) Mode Modification of j-bits Deletion of j bits Integrity L bits j bits j bits L+j bits Current and Current and all subsequent all subsequent Current and all subsequent L bits No No No No Cipher Block Chaining Mode - CBC m 1 m 2 m 3 m N-1 m N Cipher Block Chaining Mode - CBC Decryption c 1 c 2 c 3 c N-1 c N D D D D D c 1 c 2 c 3 c N-1 c N m 1 m 2 m 3 m N-1 m N c i = K (m i Å c i-1 ) for i=1..n c 0 = m i = D K (c i ) Å c i-1 for i=1..n c 0 = 29
30 Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining Cipher operations Preprocessing Random access Block Cipher Modes of Operation Basic Features (1) CB CTR OFB CFB CBC No Yes Yes Yes Yes s CB»j/L s CB»j/L s CB»j/L s CB»s CB and and and only None only Decryption only only Decryption only and No Yes Yes No No R/W R/W No R only R only Block Cipher Modes of Operation Basic Features (2) CB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed rror propagation in the decrypted message Modification of j-bits Deletion of j bits Integrity 1 plaintext block, 1 ciphertext block 1 plaintext block, 1 ciphertext block 2 plaintext blocks, 2 ciphertext blocks (for j=l) 1 plaintext block, 2 ciphertext blocks (for j=l) 1 plaintext block, 2 ciphertext blocks L bits j bits j bits L+j bits L+j bits Current and Current and all subsequent all subsequent Current and all subsequent L bits Current and all subsequent No No No No No valuation Criteria for Modes of Operation Security New modes of operation fficiency Functionality 30
31 Security fficiency valuation criteria (1) resistance to attacks proof of security random properties of the ciphertext number of calls of the block cipher capability for parallel processing memory/area requirements initialization time capability for preprocessing valuation criteria (2) Functionality security services - confidentiality, integrity, authentication flexibility - variable lengths of blocks and keys - different amount of precomputations - requirements on the length of the message vulnerability to implementation errors requirements on the amount of keys, initialization vectors, random numbers, etc. error propagation and the capability for resynchronization patent restrictions m 1 m 2 m 3 CBC m N-1 m N m 0 m 1 m 2 Counter mode N-1 +N k 0 k 1 k 2 k N-1 k N m N-1 m N c 1 c 2 c 3 c N-1 c N Problems: - No parallel processing of blocks from the same packet - No speed-up by preprocessing - No integrity or authentication c 0 c 1 c 2 c N-1 c N Features: + Potential for parallel processing + Speed-up by preprocessing - No integrity or authentication 31
32 Properties of existing and new cipher modes New CBC CFB OFB standard Proof of security 0 OCB - Offset Codebook Mode M 1 M 2 M N-1 M N Control sum length Parallel processing Preprocessing only L Z 1 Z 2 Z N-1 g(l) Z N Z N Integrity and authentication Resistance to implementation errors R C 1 Z 1 C 2 Z 2 Z N-1 C N-1 C N Z i =f(l, R, i) M N t bits T New modes of block ciphers 1. CCM - Counter with CBC-MAC developed by R. Housley, D. Whiting, N. Ferguson in 2002 assures simultaneous confidentiality and authentication not covered by any patent part of the I i standard for wireless networks 2. GCM Galois/Counter Mode developed by D. McGrew and J. Viega in 2005 assures simultaneous confidentiality and authentication not covered by any patent used in the I 802.1A (MACsec) thernet security, ANSI (INCITS) Fibre Channel Security Protocols (FC-SP), I P tape storage, and ITF IPSec standards Properties of new modes of operation Proof of security Parallel processing Preprocessing Integrity and authentication Resistance to implementation errors CBC CFB OFB CTR CCM only Half of operations Half of Half of operations operations GCM 32
33 Confidentiality & Authentication Authenticated Ciphers Bob Alice CASAR Contest K AB N Message Authenticated Cipher K AB N Ciphertext Authenticated Cipher Decryption Tag N Ciphertext Tag invalid or Message K AB - Secret key of Alice and Bob N Nonce or Initialization Vector Confidentiality & Authentication Authenticated Ciphers Npub Nsec AD Message Key AB Npub nc Nsec AD Ciphertext Npub nc Nsec AD Ciphertext Key AB or Decryption Tag Tag Invalid Nsec AD Message Npub - Public Message Number Nsec - Secret Message Number nc Nsec - ncrypted Secret Message Number AD - Associated Data K AB - Secret key of Alice and Bob IX.1997 X.2000 AS Cryptographic Standard Contests NSSI I.2000 XII.2002 CRYPTRC 34 stream 4 HW winners ciphers + 4 SW winners 15 block ciphers 1 winner XI.2004 estram 51 hash functions 1 winner.2008 X.2007 X.2012 SHA-3 57 authenticated ciphers multiple winners I CASAR time 33
ECE 646 Lecture 7. Secret-Key Ciphers. Data Encryption Standard DES
ECE 646 Lecture 7 Secret-Key Ciphers Data Encryption Standard DES 1 NBS public request for a standard cryptographic algorithm May 15, 1973, August 27, 1974 The algorithm must be: secure public - completely
More informationData Encryption Standard
ECE 646 Lecture 7 Data Encryption Standard Required Reading W. Stallings, "Cryptography and Network-Security," 5th Edition, Chapter 3: Block Ciphers and the Data Encryption Standard Chapter 6.1: Multiple
More informationData Encryption Standard
ECE 646 Lecture 6 Data Encryption Standard Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th Edition, Chapter 3: Block Ciphers and the Data Encryption Standard Chapter 6.1: Multiple
More informationECE 646 Lecture 8. Modes of operation of block ciphers
ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.
More informationECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:
C 646 Lecture 7 Modes of Operation of Block Ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van Oorschot,
More informationIDEA, RC5. Modes of operation of block ciphers
C 646 - Lecture 8 IDA, RC5 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van
More informationComparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware
Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware Master s Thesis Pawel Chodowiec MS CpE Candidate, ECE George Mason University Advisor: Dr. Kris Gaj, ECE George
More informationFast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays
Kris Gaj and Pawel Chodowiec Electrical and Computer Engineering George Mason University Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable
More informationWeek 5: Advanced Encryption Standard. Click
Week 5: Advanced Encryption Standard Click http://www.nist.gov/aes 1 History of AES Calendar 1997 : Call For AES Candidate Algorithms by NIST 128-bit Block cipher 128/192/256-bit keys Worldwide-royalty
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationHardware Architectures
Hardware Architectures Secret-key Cryptography Public-key Cryptography Cryptanalysis AES & AES candidates estream candidates Hash Functions SHA-3 Montgomery Multipliers ECC cryptosystems Pairing-based
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationECE 646 Lecture 12. Cryptographic Standards. Secret-key cryptography standards
ECE 646 Lecture 12 Cryptographic Standards Secret-key cryptography Federal Banking International NIST FIPS 46-1 DES FIPS 46-2 DES FIPS 81 Modes of operation FIPS 46-3 Triple DES FIPS 197 AES X3.92 DES
More informationThe Advanced Encryption Standard (Rijndael)
The Advanced Encryption Standard (Rijndael) AES: Why a new Standard?. Old standard insecure against brute-force attacks 2. Straightforward fixes lead to inefficient Triple DES 3. implementations 4. New
More informationFast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining
Pawel Chodowiec, Po Khuon, Kris Gaj Electrical and Computer Engineering George Mason University Fast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining http://ece.gmu.edu/crypto-text.htm
More informationWeek 4. : Block Ciphers and DES
Week 4. : Block Ciphers and DES Model of Symmetric Cryptosystem Cryptanalyst Adversary M K E Insecure Channel D Plaintext M Ciphertext C Secure Channel Plaintext M Key K Shared Secret Key C = E K (M) D
More informationBlock Ciphers and Stream Ciphers. Block Ciphers. Stream Ciphers. Block Ciphers
Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2... M N. Then, each block M i is encrypted to the ciphertext block C i = K (M i ), and
More informationFederal standards NIST FIPS 46-1 DES FIPS 46-2 DES. FIPS 81 Modes of. operation. FIPS 46-3 Triple DES FIPS 197 AES. industry.
ECE 646 Lecture 12 Federal Secret- cryptography Banking International Cryptographic Standards NIST FIPS 46-1 DES FIPS 46-2 DES FIPS 81 Modes of operation FIPS 46-3 Triple DES FIPS 197 AES X3.92 DES ANSI
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationL3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015
L3. An Introduction to Block Ciphers Rocky K. C. Chang, 29 January 2015 Outline Product and iterated ciphers A simple substitution-permutation network DES and AES Modes of operations Cipher block chaining
More informationBlock Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1
Block Ciphers Lucifer, DES, RC5, AES CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk Block Ciphers 1 ... Block Ciphers & S-P Networks Block Ciphers: Substitution ciphers
More informationLecture 4. Encryption Continued... Data Encryption Standard (DES)
Lecture 4 Encryption Continued... 1 Data Encryption Standard (DES) 64 bit input block 64 bit output block 16 rounds 64 (effective 56) bit key Key schedule computed at startup Aimed at bulk data >16 rounds
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationLecture 5. Encryption Continued... Why not 2-DES?
Lecture 5 Encryption Continued... 1 Why not 2-DES? 2DES: C = DES ( K1, DES ( K2, P ) ) Seems to be hard to break by brute force, approx. 2 111 trials Assume Eve is trying to break 2DES and has a single
More informationLecture 2: Secret Key Cryptography
T-79.159 Cryptography and Data Security Lecture 2: Secret Key Cryptography Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi 1 Reminder: Communication Model Adversary Eve Cipher, Encryption
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 4 The Advanced Encryption Standard (AES) Israel Koren ECE597/697 Koren Part.4.1
More informationECE Lecture 7. Towards modern ciphers. Data Encryption Standard and its extensions. Levels of Security
ECE 646 - Lecture 7 Towards modern ciphers Data Encryption tandard and its extensions Required Reading: I W tallings, "Cryptography and Network-ecurity," 4th Edition, Chapter 3: Block Ciphers and the Data
More informationpage 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas
Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher
More informationComp527 status items. Crypto Protocols, part 2 Crypto primitives. Bart Preneel July Install the smart card software. Today
Comp527 status items Crypto Protocols, part 2 Crypto primitives Today s talk includes slides from: Bart Preneel, Jonathan Millen, and Dan Wallach Install the smart card software Bring CDs back to Dan s
More informationUnderstanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009
Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 29 These slides were prepared by Daehyun Strobel, Christof
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and
More informationFundamentals of Cryptography
Fundamentals of Cryptography Topics in Quantum-Safe Cryptography June 23, 2016 Part III Data Encryption Standard The Feistel network design m m 0 m 1 f k 1 1 m m 1 2 f k 2 2 DES uses a Feistel network
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationSymmetric Encryption Algorithms
Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm
More informationSymmetric Encryption. Thierry Sans
Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationCENG 520 Lecture Note III
CENG 520 Lecture Note III Symmetric Ciphers block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process
More informationECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University
ECE 545 Lecture 8b Hardware Architectures of Secret-Key Block Ciphers and Hash Functions George Mason University Recommended reading K. Gaj and P. Chodowiec, FPGA and ASIC Implementations of AES, Chapter
More informationBlock Ciphers. Secure Software Systems
1 Block Ciphers 2 Block Cipher Encryption function E C = E(k, P) Decryption function D P = D(k, C) Symmetric-key encryption Same key is used for both encryption and decryption Operates not bit-by-bit but
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5a January 29, 2013 CPSC 467b, Lecture 5a 1/37 Advanced Encryption Standard AES Alternatives CPSC 467b,
More informationLecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram
Lecture 2B RTL Design Methodology Transition from Pseudocode & Interface to a Corresponding Block Diagram Structure of a Typical Digital Data Inputs Datapath (Execution Unit) Data Outputs System Control
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5 January 23, 2012 CPSC 467b, Lecture 5 1/35 Advanced Encryption Standard AES Alternatives CPSC 467b,
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationNetwork Security Essentials
Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationImplementation and Performance analysis of Skipjack & Rijndael Algorithms. by Viswnadham Sanku ECE646 Project Fall-2001
Implementation and Performance analysis of Skipjack & Rijndael Algorithms by Viswnadham Sanku ECE646 Project Fall-2001 TABLE OF CONTENTS TABLE OF CONTENTS 2 1. OBJECTIVE 3 2. SKIPJACK CIPHER 3 2.1 CIPHER
More information6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a
More information3 Symmetric Cryptography
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption
More informationIntroduction to Cryptology. Lecture 17
Introduction to Cryptology Lecture 17 Announcements HW7 due Thursday 4/7 Looking ahead: Practical constructions of CRHF Start Number Theory background Agenda Last time SPN (6.2) This time Feistel Networks
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationSymmetric Cryptography. CS4264 Fall 2016
Symmetric Cryptography CS4264 Fall 2016 Correction: TA Office Hour Stefan Nagy (snagy2@vt.edu) Office hour: Thursday Friday 10-11 AM, 106 McBryde Hall 2 Slides credit to Abdou Illia RECAP AND HIGH-LEVEL
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 6: Advanced Encryption Standard (AES) Ion Petre Department of IT, Åbo Akademi University 1 Origin of AES 1999: NIST
More informationSymmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.
Symmetric Key Encryption Symmetric Key Encryption and 3- Tom Chothia Computer Security: Lecture 2 Padding Block cipher modes Advanced Encryption Standard ( AES ) AES is a state-of-the-art block cipher.
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationDouble-DES, Triple-DES & Modes of Operation
Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES
More informationL3: Basic Cryptography II. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L3: Basic Cryptography II Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 8/29/2016 CSCI 451 -Fall 2016 1 Acknowledgement Many slides are from or
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationLecture 13. Modern Cryptographic Algorithms. Key Sizes. Cryptographic Standards
Lecture 13 Modern Cryptographic Algorithms Key Sizes Cryptographic Standards Secret-Key Cryptography Modern Secret-Key Ciphers American standards 1980 1990 2000 2010 2020 2030 1977 1999 DES 56 bit key
More informationSymmetric Key Cryptography
Symmetric Key Cryptography Michael Huth M.Huth@doc.ic.ac.uk www.doc.ic.ac.uk/~mrh/430/ Symmetric Key Cryptography (3.1) Introduction Also known as SECRET KEY, SINGLE KEY, PRIVATE KEY Sender and Receiver
More informationOptimized AES Algorithm Using FeedBack Architecture Chintan Raval 1, Maitrey Patel 2, Bhargav Tarpara 3 1, 2,
Optimized AES Algorithm Using FeedBack Architecture Chintan Raval 1, Maitrey Patel 2, Bhargav Tarpara 3 1, 2, Pursuing M.Tech., VLSI, U.V.Patel college of Engineering and Technology, Kherva, Mehsana, India
More informationFast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays
Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays Kris Gaj and Pawel Chodowiec George Mason University, Electrical and
More informationThe Rectangle Attack
The Rectangle Attack and Other Techniques for Cryptanalysis of Block Ciphers Orr Dunkelman Computer Science Dept. Technion joint work with Eli Biham and Nathan Keller Topics Block Ciphers Cryptanalysis
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationCourse Business. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Allowed to bring one index card (double sided) Location: Right here
Course Business Midterm is on March 1 Allowed to bring one index card (double sided) Final Exam is Monday, May 1 (7 PM) Location: Right here 1 Cryptography CS 555 Topic 18: AES, Differential Cryptanalysis,
More informationDIFFUSION AND TIME ANALYSIS FOR AES CANDIDATES
International Journal of Mathematics and Computer Applications Research (IJMCAR) ISSN 2249-6955 Vol. 3, Issue 2, Jun 2013, 281-288 TJPRC Pvt. Ltd. DIFFUSION AND TIME ANALYSIS FOR AES CANDIDATES MOHAN.H.S
More informationAES Java Technology Comparisons
February 7, 1999 AES Java Technology Comparisons Alan Folmsbee, Sun Microsystems, Inc. Advanced Encryption Standard candidate algorithm comparisons based on the Java technology implementations. 1.0 Introduction
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 7 September 23, 2015 CPSC 467, Lecture 7 1/1 Advanced Encryption Standard AES Alternatives CPSC 467,
More informationEncryption DES. Dr.Talal Alkharobi. The Data Encryption Standard (DES)
DES The Data Standard (DES) 2 A block cipher selected as an official Federal Information Processing Standard (FIPS) for the United States in 1976, and which has subsequently enjoyed widespread use internationally.
More informationAES Advanced Encryption Standard
AES Advanced Encryption Standard AES is iterated block cipher that supports block sizes of 128-bits and key sizes of 128, 192, and 256 bits. The AES finalist candidate algorithms were MARS, RC6, Rijndael,
More informationEEC-484/584 Computer Networks
EEC-484/584 Computer Networks Lecture 23 wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Introduction to
More informationComputational Security, Stream and Block Cipher Functions
Computational Security, Stream and Block Cipher Functions 18 March 2019 Lecture 3 Most Slides Credits: Steve Zdancewic (UPenn) 18 March 2019 SE 425: Communication and Information Security 1 Topics for
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationJaap van Ginkel Security of Systems and Networks
Jaap van Ginkel Security of Systems and Networks November 4, 2013 Part 4 Modern Crypto Block Ciphers (Iterated) Block Cipher Plaintext and ciphertext consist of fixed-sized blocks Ciphertext obtained from
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationCS Network Security. Module 6 Private Key Cryptography
CS 393 - Network Security Module 6 Private ey Cryptography Data Encryption Encryption is the process of encoding a message such that its meaning is not obvious. Decryption is the reverse process, ie, transforming
More informationIntroduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function
More informationEfficient Hardware Design and Implementation of AES Cryptosystem
Efficient Hardware Design and Implementation of AES Cryptosystem PRAVIN B. GHEWARI 1 MRS. JAYMALA K. PATIL 1 AMIT B. CHOUGULE 2 1 Department of Electronics & Telecommunication 2 Department of Computer
More informationSymmetric Cryptography. Chapter 6
Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream
More informationCSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More informationA Brief Outlook at Block Ciphers
A Brief Outlook at Block Ciphers Pascal Junod École Polytechnique Fédérale de Lausanne, Suisse CSA 03, Rabat, Maroc, 10-09-2003 Content Generic Concepts DES / AES Cryptanalysis of Block Ciphers Provable
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 5 Advanced Encryption Standard Advance Encryption Standard Topics Origin of AES Basic AES Inside Algorithm Final Notes Origins
More informationImplementation of the block cipher Rijndael using Altera FPGA
Regular paper Implementation of the block cipher Rijndael using Altera FPGA Piotr Mroczkowski Abstract A short description of the block cipher Rijndael is presented. Hardware implementation by means of
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationCryptography Trends: A US-Based Perspective. Burt Kaliski, RSA Laboratories IPA/TAO Cryptography Symposium October 20, 2000
Cryptography Trends: A US-Based Perspective Burt Kaliski, RSA Laboratories IPA/TAO Cryptography Symposium October 20, 2000 Outline Advanced Encryption Standard Dominant design Thoughts on key size Advanced
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationBlock Ciphers Introduction
Technicalities Block Models Block Ciphers Introduction Orr Dunkelman Computer Science Department University of Haifa, Israel March 10th, 2013 Orr Dunkelman Cryptanalysis of Block Ciphers Seminar Introduction
More informationCS 392/681 Computer Security. Module 1 Private Key Cryptography
CS 392/681 Computer Security Module 1 Private Key Cryptography Logistics Office hours Thursday 3 to 5 (tentative). Lab 0 due today. Lab 1 assigned. Due next Thursday!! ISIS is still unstable. Will fix
More informationBlock Cipher Operation. CS 6313 Fall ASU
Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES
More informationIntroduction to Modern Symmetric-Key Ciphers
Introduction to Modern Symmetric-Key Ciphers 1 Objectives Review a short history of DES. Define the basic structure of DES. List DES alternatives. Introduce the basic structure of AES. 2 Data Encryption
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationEncryption Details COMP620
Encryption Details COMP620 Encryption is a powerful defensive weapon for free people. It offers a technical guarantee of privacy, regardless of who is running the government It s hard to think of a more
More informationLecture 13. Modern Cryptographic Algorithms. Key Sizes. Cryptographic Standards. Secret-Key Cryptography. Modern Secret-Key Ciphers
Lecture 13 Modern Cryptographic Algorithms Key Sizes Cryptographic Standards Secret-Key Cryptography Modern Secret-Key Ciphers American standards 1980 1990 2000 2010 2020 2030 1977 1999 DES 56 bit key
More informationIntroduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space
Perfect Cipher Introduction to Cryptography Lecture 2 Benny Pinkas What type of security would we like to achieve? Given C, the adversary has no idea what M is Impossible since adversary might have a-priori
More informationChap. 3. Symmetric Key Crypto (Block Ciphers)
Introduction to SW Security Chap. 3. Symmetric Key Crypto (Block Ciphers) Spring, 28 Cho, Seong-je ( 조성제 ) sjcho at dankook.ac.kr Many slides taken from Textbook (Its site), and Web sites Textbook M. T.
More information