Secret Key Cryptography Overview
|
|
- Naomi Francis
- 6 years ago
- Views:
Transcription
1 Secret Key Cryptography Overview Dr. Arjan Durresi Louisiana State University Baton Rouge, LA These slides are available at: Block ciphers Feistel cipher Data Encryption Standard DES DES Encryption DES - Decryption Louisiana State University - Secret Key Cryptography - 1 Louisiana State University - Secret Key Cryptography - 2 Glossary plaintext message in its original form ciphertext encrypted message encryption process of producing ciphertext from plaintext decryption reverse process breaking encryption scheme discovering plaintext that matches ciphertext cryptoanalyst, attacker, intruder, bad guy an entity trying to break encryption Louisiana State University - Secret Key Cryptography - 3 Concepts block cipher encrypts blocks of data (say ), essentially substituting bit-data block by -bit encrypted block we can specify cipher by stating the complete data->encryption, is it possible? can two data blocks map to the same encrypted block? can we map a data block to a smaller (larger) encrypted block? two basic operations for k-bit blocks substitution for each 2 k inputs specify output, impractical for large k permutation for each bit specifies the output position it gets block encryption usually contains multiple rounds of substituitions and premutations Louisiana State University - Secret Key Cryptography - Modern Block Ciphers Will now look at modern block ciphers One of the most widely used types of cryptographic algorithms Provide secrecy and/or authentication services In particular will introduce DES (Data Encryption Standard) Block vs. Stream Ciphers Block ciphers process messages in into blocks, each of which is then en/decrypted Like a substitution on very big characters -bits or more Stream ciphers process messages a bit or byte at a time when en/decrypting Many current ciphers are block ciphers Hence are focus of course Louisiana State University - Secret Key Cryptography - 5 Louisiana State University - Secret Key Cryptography -
2 Block Cipher Principles Most symmetric block ciphers are based on a Feistel Cipher Structure Needed since must be able to decrypt ciphertext to recover messages efficiently Block ciphers look like an extremely large substitution Would need table of 2 entries for a -bit block Naïve: 2 input values, bits each, total 2 70 bits to store the mapping Output should look random No correlation between plaintext and ciphertext Bit spreading Instead create from smaller building blocks Using idea of a product cipher Claude Shannon and Substitution- Permutation Ciphers In 199 Claude Shannon introduced idea of substitutionpermutation (S-P) networks modern substitution-transposition product cipher These form the basis of modern block ciphers S-P networks are based on the two primitive cryptographic operations we have seen before: substitution (S-box) permutation (P-box) Provide confusion and diffusion of message Louisiana State University - Secret Key Cryptography - 7 Louisiana State University - Secret Key Cryptography - 8 Confusion and Diffusion Cipher needs to completely obscure statistical properties of original message A one-time pad does this More practically Shannon suggested combining elements to obtain: diffusion dissipates statistical structure of plaintext over bulk of ciphertext confusion makes relationship between ciphertext and key as complex as possible Block Ciphers Substitution: 2 k values: k 2 k bits Permutation: change position for each bit: klog 2 k bits Round: combination of substitution chunks and permutation do often enough so that a bit change can affect every output bit How many rounds? A few but not fewer Louisiana State University - Secret Key Cryptography - 9 Louisiana State University - Secret Key Cryptography - 10 Feistel Cipher Structure Horst Feistel devised the feistel cipher based on concept of invertible product cipher Partitions input block into two halves process through multiple rounds which perform a substitution on left data half based on round function of right half & subkey then have permutation swapping halves Implements Shannon s substitution-permutation network concept Feistel Cipher Structure Louisiana State University - Secret Key Cryptography - 11 Louisiana State University - Secret Key Cryptography - 12
3 Feistel Cipher Design Principles Feistel Cipher Decryption block size increasing size improves security, but slows cipher key size increasing size improves security, makes exhaustive key searching harder, but may slow cipher number of rounds increasing number improves security, but slows cipher subkey generation greater complexity can make analysis harder, but slows cipher round function greater complexity can make analysis harder, but slows cipher fast software en/decryption & ease of analysis are more recent concerns for practical use and testing Louisiana State University - Secret Key Cryptography - 13 Louisiana State University - Secret Key Cryptography - 1 Data Encryption Standard (DES) Convert block to another: one-to-one Most widely used block cipher in world Adopted in 1977 by NBS (now NIST) as FIPS PUB Long enough to avoid known-plaintext attack bit nice for RISC Encrypts -bit data using 5-bit key Has been considerable controversy over its security Key length: 5bit 1979, bit- 1995, 128bit -? DES History IBM developed Lucifer cipher by team led by Feistel used -bit data blocks with 128-bit key Then redeveloped as a commercial cipher with input from NSA and others In 1973 NBS issued request for proposals for a national cipher standard IBM submitted their revised Lucifer which was eventually accepted as the DES Louisiana State University - Secret Key Cryptography - 15 Louisiana State University - Secret Key Cryptography - 1 Block Cipher Scheme DES Design Controversy Plaintext block of length N Encrypt Decrypt Secret key Cipher block of length N Although DES standard is public Was considerable controversy over design in choice of 5-bit key (vs Lucifer 128-bit) and because design criteria were classified Subsequent events and public analysis show in fact design was appropriate DES has become widely used, esp in financial applications efficient to implement in hardware, but slow in software the adoption of DES was done without public scrutiny some operations are suspect security value of initial/final permutations is suspect Louisiana State University - Secret Key Cryptography - 17 Louisiana State University - Secret Key Cryptography - 18
4 DES (Data Encryption Standard) Published in 1977, standardized in Key: bit quantity=8-bit parity+5-bit key Every 8 th bit is a parity bit. bit input, bit output. bit M bit C DES Encryption -bit 8-bit Input K1 Permutation Round 1 Round 2... Round 1 Swap DES Top View Generate keys Initial Permutation 8-bit K1 8-bit K2 8-bit K1 Swap 32-bit halves 5-bit Key Permutation Final Permutation 5 bits Louisiana State University - Secret Key Cryptography bit Output Louisiana State University - Secret Key Cryptography - 20 Bit Permutation (1-to to-1) Bits Expansion (1-to to-m) Input: Input: bit Output Output Louisiana State University - Secret Key Cryptography - 21 Louisiana State University - Secret Key Cryptography - 22 Initial and Final Permutations Initial permutation (IP) View the input as M: 8(-byte) by 8(-bit) matrix Transform M into M1 in two steps Transpose row x into column (9-x), 0<x<9 Apply permutation on the rows: For even column y, it becomes row y/2 For odd column y, it becomes row (5+y/2) Quite regular in structure (easy in h/w) Example: IP(75a97 5e5ab5a) = (ffb219d 00dffb) Final permutation FP = IP -1 Initial and Final Permutations Louisiana State University - Secret Key Cryptography - 23 Louisiana State University - Secret Key Cryptography - 2
5 Per-Round Key Generation DES Key Schedule One round 8 bits K i Initial Permutation of DES key C i-1 28 bits D i-1 28 bits Circular Left Shift Permutation with Discard Circular Left Shift Round 1,2,9,1: single shift Others: two bits Forms subkeys used in each round Consists of: initial permutation of the key which selects 5-bits in two 28-bit halves 1 stages consisting of: selecting 2-bits from each half permuting them by PC2 for use in function f, rotating each half separately either 1 or 2 places depending on the key rotation schedule K C i D i 28 bits 28 bits Louisiana State University - Secret Key Cryptography - 25 Louisiana State University - Secret Key Cryptography - 2 Input Key Initial Permutation of Key C0 D0 Louisiana State University - Secret Key Cryptography - 27 Louisiana State University - Secret Key Cryptography - 28 Permutation with Discard Schedule of Left Shifts Louisiana State University - Secret Key Cryptography - 29 Louisiana State University - Secret Key Cryptography - 30
6 A DES Round DES Round Structure One Round Encryption 32 bits L n 32 bits R n Mangler Function E S-Boxes P 8 bits 32 bits 8 bits K i Uses two 32-bit L & R halves As for any Feistel cipher can describe as: L i = R i 1 R i = L i 1 xor F(R i 1, K i ) Takes 32-bit R half and 8-bit subkey and: expands R to 8-bits using perm E adds to subkey passes through 8 S-boxes to get 32-bit result finally permutes this using 32-bit perm P 32 bits L n+1 32 bits R n+1 Louisiana State University - Secret Key Cryptography - 31 Louisiana State University - Secret Key Cryptography - 32 Expansion of R to 8 bits Decryption Apply the same operations with the same key K i at each round: Input: R n+1 L n+1 Due to the swap operation Output: R n L n The swap operation at the end will produce the correct result: L R Louisiana State University - Secret Key Cryptography - 33 Louisiana State University - Secret Key Cryptography - 3 Mangler Function S1 S2 S3 S S5 S S7 S8 The permutation produces spread among the chunks/s-boxes! DES Mangler Function takes 32-bit R n and 8-bit K n and produces a 32-bit R n+1 operation 32-bit R n is expanded to 8 bits each -bits are expanded to bits by duplicating adjacent bits each bits or R n are XOR-ed with corresponding bits of K n and fed into S-Box (1 through 8) each S-box is different S-Box is a (completely defined) substitution that accepts bits and produces bits (mapping is not unique) the output 32 bits are then permuted to produce R n+1 the idea of the permutation is so that the output of one S- Box affexts the input of multiple S-Boxes in the next round Permutation Louisiana State University - Secret Key Cryptography - 35 Louisiana State University - Secret Key Cryptography - 3
7 Substitution Boxes S Have eight S-boxes which map to bits Each S-box is actually little bit boxes outer bits 1 & (row bits) select one rows inner bits 2-5 (col bits) are substituted result is 8 lots of bits, or 32 bits Row selection depends on both data & key feature known as autoclaving (autokeying) Example: S( d ) = 5fd25e03 Louisiana State University - Secret Key Cryptography - 37 S-Box (Substitute and Shrink) 8 bits ==> 32 bits. (8* ==> 8*) 2 bits used to select amongst permutations for the rest of the -bit quantity 2 bits row I1 I2 I3 I I5 I S i bits column i = 1, 8. Louisiana State University - Secret Key Cryptography - 38 O1 O2 O3 O S1 Each row and column contain different numbers S-BoxesS Logic behind the selection of the S-Boxes remains unpublished secret Is it a good idea technically to publish it? Example: input: output:??? Louisiana State University - Secret Key Cryptography - 39 Louisiana State University - Secret Key Cryptography - 0 DES Standard Cipher Iterative Action : Input: bits Key: 8 bits Output: bits Key Generation Box : Input: 5 bits Output: 8 bits One round (Total 1 rounds) DES Decryption Decrypt must unwind steps of data computation Feistel design, do encryption steps again Using subkeys in reverse order (SK1 SK1) Note that IP undoes final FP step of encryption 1st round with SK1 undoes 1th encrypt round. 1th round with SK1 undoes 1st encrypt round Then final FP undoes initial encryption IP Thus recovering original data value Louisiana State University - Secret Key Cryptography - 1 Louisiana State University - Secret Key Cryptography - 2
8 Avalanche Effect Key desirable property of encryption algorithm Where a change of one input or key bit results in changing approx half output bits Making attempts to home-in by guessing keys impossible DES exhibits strong avalanche Example: Two plaintexts that differ by one bit and Key: A) Example Two plaintexts that differ by one bit and Key: B) A single plaintext: Two keys that differ in only one bit: Louisiana State University - Secret Key Cryptography - 3 Louisiana State University - Secret Key Cryptography - Example Strength of DES Key Size 5-bit keys have 2 5 = 7.2 x 10 1 values Brute force search looks hard Recent advances have shown is possible in 1997 on Internet in a few months in 1998 on dedicated h/w (EFF) $250,000 in less than three days in 1999 above combined in 22hrs! Still must be able to recognize plaintext Alternatives to DES Louisiana State University - Secret Key Cryptography - 5 Louisiana State University - Secret Key Cryptography - Strength of DES Timing Attacks Attacks actual implementation of cipher Use knowledge of consequences of implementation to derive knowledge of some/all subkey bits Specifically use fact that calculations can take varying times depending on the value of the inputs to it Particularly problematic on smartcards Strength of DES Analytic Attacks Several analytic attacks on DES Utilise some deep structure of the cipher by gathering information about encryptions can eventually recover some/all of the sub-key bits if necessary then exhaustively search for the rest Generally these are statistical attacks Include differential cryptanalysis linear cryptanalysis related key attacks Louisiana State University - Secret Key Cryptography - 7 Louisiana State University - Secret Key Cryptography - 8
9 DES Weak Keys there are sixteen DES keys that are suspect weak keys: C0 and D0 are either all 0s or all 1s - thekeys are their own inverses (encrypting with the key is the same as decrypting with it) semi-weak: either all 0s and all 1s or alternating 0s and 1s Why is DES the Way it Is? operations in DES appear simple and arbitrary things are however mysterious if S-Boxes 3 and 7 are swapped, DES is an order of magnitude less secure DES design process was not public, so it is not clear how the details were chosen if they leave some hidden weakness? possibility DES was designed to be strong against specific attacks the designers knew about but did not publish (not to educate the bad guys) are the other standards vulnerable to these attacks? Louisiana State University - Secret Key Cryptography - 9 Louisiana State University - Secret Key Cryptography - 50 Differential Cryptanalysis One of the most significant recent (public) advances in cryptanalysis Known by NSA in 70's - DES design Murphy, Biham & Shamir published 1990 Powerful method to analyse block ciphers Used to analyse most current block ciphers with varying degrees of success DES reasonably resistant to it, 2 7 plaintexts are needed, lessons from Lucifer Differential Cryptanalysis A statistical attack against Feistel ciphers Uses cipher structure not previously used Design of S-P networks has output of function f influenced by both input & key Hence cannot trace values back through cipher without knowing values of the key Differential Cryptanalysis compares two related pairs of encryptions Louisiana State University - Secret Key Cryptography - 51 Louisiana State University - Secret Key Cryptography - 52 Differential Cryptanalysis Compares Pairs of Encryptions With a known difference in the input Searching for a known difference in output When same subkeys are used Plaintext: m 0, m 1 : m i+1 = m i-1 XOR f(m i, K i ) m XOR m is known: Differential Cryptanalysis have some input difference giving some output difference with probability p if find instances of some higher probability input / output difference pairs occurring can infer subkey that was used in round then must iterate process over many rounds Louisiana State University - Secret Key Cryptography - 53 Louisiana State University - Secret Key Cryptography - 5
10 Differential Cryptanalysis Differential Cryptanalysis perform attack by repeatedly encrypting plaintext pairs with known input XOR until obtain desired output XOR when found if intermediate rounds match required XOR have a right pair if not then have a wrong pair, relative ratio is S/N for attack can then deduce keys values for the rounds right pairs suggest same key bits wrong pairs give random values for large numbers of rounds, probability is so low that more pairs are required than exist with -bit inputs Biham and Shamir have shown how a 13-round iterated characteristic can break the full 1-round DES Louisiana State University - Secret Key Cryptography - 55 Louisiana State University - Secret Key Cryptography - 5 Linear Cryptanalysis Another recent development Also a statistical method Must be iterated over rounds, with decreasing probabilities Developed by Matsui et al in early 90's Based on finding linear approximations Can attack DES with 2 7 known plaintexts, still in practise infeasible Linear Cryptanalysis find linear approximations with prob p!= ½ P[i1,i2,...,ia](+)C[j1,j2,...,jb] = K[k1,k2,...,kc] where ia,jb,kc are bit locations in P,C,K gives linear equation for key bits get one key bit using max likelihood algorithm using a large number of trial encryptions effectiveness given by: p ½ Louisiana State University - Secret Key Cryptography - 57 Louisiana State University - Secret Key Cryptography - 58 Block Cipher Design Principles Basic principles still like Feistel in 1970 s Number of rounds more is better, exhaustive search best attack Function f: provides confusion, is nonlinear, avalanche Specially careful about S-box the nonlinear part of DES Larger S-box more resistant to differential and linear cryptanalysis but more difficult to design properly Key schedule complex subkey creation, key avalanche Modes of Operation Block ciphers encrypt fixed size blocks eg. DES encrypts -bit blocks, with 5-bit key Need way to use in practise, given usually have arbitrary amount of information to encrypt Four were defined for DES in ANSI standard ANSI X Modes of Use Subsequently now have 5 for DES and AES Block and stream modes Louisiana State University - Secret Key Cryptography - 59 Louisiana State University - Secret Key Cryptography - 0
11 Modes of Operation Electronic Codebook Book (ECB) message is broken into independent blocks which are encrypted each block is a value which is substituted, like a codebook, hence name each block is encoded independently of the other blocks C i = DES K1 (P i ) uses: secure transmission of single values Louisiana State University - Secret Key Cryptography - 1 Louisiana State University - Secret Key Cryptography - 2 Electronic Code Book (ECB) M 1 M 2 M 3 M pad ENC ENC ENC ENC C 1 C 2 C 3 C Advantages and Limitations of ECB Repetitions in message may show in ciphertext if aligned with message block particularly with data such graphics or with messages that change very little, which become a code-book analysis problem Weakness due to encrypted message blocks being independent Bit errors in ciphertext, when decrypted will cause the entire plaintext block to decrypt incorrectly but will not affect the rest If a ciphertext is lost or added all the rest will be affected Main use is sending a few blocks of data Pad last block with count of pad size eg. [ b1 b2 b ] <- 3 data bytes, then 5 bytes pad+count Louisiana State University - Secret Key Cryptography - 3 Louisiana State University - Secret Key Cryptography - ECB Problem #1 M 1 M 2 M 3 M pad ENC ENC ENC ENC C 1 C 2 C 3 C ECB Problem #1 If a cryptanalyst has the plaintext and ciphertext for several messages, he can start to compile a code book Messages such as s may have regular structures Open to statistical attacks This vulnerability is higher at the beginning and the end of messages, where are located headers and footers with information about sender, receiver, date Stereotyped beginnings and stereotyped endings (M 1 == M 3 ) => (C 1 == C 3 ) Louisiana State University - Secret Key Cryptography - 5 Louisiana State University - Secret Key Cryptography -
12 Problems with ECB same plaintext block produces same ciphertext can be analyzed, rearranged plaintext ECB encrypted ciphertext ECB Problem #2 Lack the basic protection against integrity attacks on the ciphertext at message level (i.e., multiple cipher blocks) Without additional integrity protection cipher block substitution and rearrangement attacks fabrication of specific information Louisiana State University - Secret Key Cryptography - 7 Louisiana State University - Secret Key Cryptography - 8 ECB Problem #2 An adversary could modify encrypted messages without knowing the key or even the algorithm in such a way as to fool the recipient For example a money transfer system among banks: There are standard format such as Sender Bank A: 1.5 blocks, Receiver Bank B: 1.5 blocks, Depositor s name: blocks, Depositor s account 2 blocks, amount of deposit 1 block A bad guy intercepts these messages. Then he transfers twice $100 from Bank A to B. Isolate these messages and repeat at will Bank A and B reconcile their transfers at the end of the day and discover the fake transfer authorization, but it is too late Banks can add a time stamp field to avoid repeated messages ECB Problem #2 Block Replay technique: The bad guy by analyzing the intercepted messages can figure out the ciphertext blocks corresponding to his name, account and amount Now he can change others people transfer to his name and account When banks reconcile their transfers at the end of the day, everything matches It will take more time to catch the problem and again it will be too late Adding a MAC will solve the problem Louisiana State University - Secret Key Cryptography - 9 Louisiana State University - Secret Key Cryptography - 70 One-Time Pad proven (Shannon): XOR a message with a (truly) random number (never reuse it again) unbreakable (no information is given away) one-time pad such usage of random numbers stream cipher generates one-time pad and XORs it with the stream of plaintext to generate ciphertext Louisiana State University - Secret Key Cryptography - 71 Fixing ECB consider this: generate random numbers and XOR with blocks before encoding transmit r1, c1, r2, c2, r3, c3, r, c M1 M2 M3 M r1 r2 r3 r E E E E C1 C2 C3 C problems: need to send twice as much data can still rearrange blocks if two ciphertext blocks equal, know XOR of two plaintext blocks = XOR of the corresponding two random numbers Louisiana State University - Secret Key Cryptography - 72
13 Cipher Block Chaining (CBC) Message is broken into blocks But these are linked together in the encryption operation Each previous cipher blocks is chained with current plaintext block, hence name Use Initial Vector (IV) to start process C i = DES K1 (P i XOR C i-1 ) C -1 = IV uses: bulk data encryption, authentication Cipher Block Chaining (CBC) M 1 M 2 M 3 M pad IV Initialization Vector ENC ENC ENC ENC C 1 C 2 C 3 C (M 1 == M 3 ) very unlikely leads to (C 1 == C 3 ) Louisiana State University - Secret Key Cryptography - 73 Louisiana State University - Secret Key Cryptography - 7 IV CBC Decryption M 1 M 2 M 3 M DEC DEC DEC DEC C 1 C 2 C 3 C Advantages and Limitations of CBC Each ciphertext block depends on all message blocks thus a change in the message affects all ciphertext blocks after the change as well as the original block Need Initial Value (IV) known to sender & receiver Without it two identical messages will encrypt to the same encrypt. Two messages that begin the same will encrypt the same way up to the first difference If IV is sent in the clear, an attacker can change bits of the first block, and change IV to compensate, but not a strong requirement Hence either IV must be a fixed value (as in EFTPOS) or it must be sent encrypted in ECB mode before rest of message At end of message, handle possible last short block by padding either with known non-data value (eg nulls) or pad last block with count of pad size eg. [ b1 b2 b ] <- 3 data bytes, then 5 bytes pad+count Louisiana State University - Secret Key Cryptography - 75 Louisiana State University - Secret Key Cryptography - 7 CBC Vulnerabilities Loss sync of block boundary garbles the rest of the stream Create desired change in decrypted block P n by sacrificing block P n-1 In this case a CRC is needed P n-1 DEC P n DEC Cipher FeedBack (CFB) Message is treated as a stream of bits Added to the output of the block cipher Result is feed back for next stage (hence name) Standard allows any number of bit (1,8 or or whatever) to be feed back denoted CFB-1, CFB-8, CFB- etc Is most efficient to use all bits (CFB-) C i = P i XOR DES K1 (C i-1 ) C -1 = IV uses: stream data encryption, authentication C n-1 Louisiana State University - Secret Key Cryptography - 77 C n Louisiana State University - Secret Key Cryptography - 78
14 Cipher FeedBack (CFB) Advantages and Limitations of CFB Appropriate when data arrives in bits/bytes Most common stream mode Limitation is need to stall while do block encryption after every n-bits Note that the block cipher is used in encryption mode at both ends Errors propagate for several blocks after the error IV should be unique Louisiana State University - Secret Key Cryptography - 79 Louisiana State University - Secret Key Cryptography - 80 Output FeedBack (OFB) Output FeedBack (OFB) message is treated as a stream of bits output of cipher is added to message output is then feed back (hence name) feedback is independent of message can be computed in advance C i = P i XOR O i O i = DES K1 (O i-1 ) O -1 = IV uses: stream encryption over noisy channels Louisiana State University - Secret Key Cryptography - 81 Louisiana State University - Secret Key Cryptography - 82 Advantages and Limitations of OFB Used when error feedback a problem or where need to encryptions before message is available The one time pad can be generated in advance, so the message encryption is only -fast Superficially similar to CFB but feedback is from the output of cipher and is independent of message An error in ciphertext doesn t propagate A message can arrive in any arbitrary sized chunks and each time a chunk appears it can be immediately encrypted Advantages and Limitations of OFB A variation of a Vernam cipher hence must never reuse the same sequence (key+iv) Sender and receiver must remain in sync, and some recovery method is needed to ensure this occurs If a bad guy knows plaintext and ciphertext, he can modify the plaintext P in P P C P Originally specified with m-bit feedback in the standards Subsequent research has shown that only OFB- should ever be used Louisiana State University - Secret Key Cryptography - 83 Louisiana State University - Secret Key Cryptography - 8
15 Counter (CTR) A new mode, though proposed early on Similar to OFB but encrypts counter value rather than any feedback value Must have a different key & counter value for every plaintext block (never reused) C i = P i XOR O i O i = DES K1 (i) uses: high-speed network encryptions Counter (CTR) Louisiana State University - Secret Key Cryptography - 85 Louisiana State University - Secret Key Cryptography - 8 Advantages and Limitations of CTR Efficiency can do parallel encryptions in advance of need good for bursty high speed links Random access to encrypted data blocks Provable security (good as other modes) But must ensure never reuse key/counter values, otherwise could break (cf OFB) Like CBC can decrypt the message starting at any point rather than staring at the beginning Generating MICs Message Identity Code (MIC) or Message Authentication Code (MAC) To protect against modifications Compute CBC Only send last block of CBC (CBS residue) Send plaintext Any modification in plaintext modifies CBC residue Insures integrity Louisiana State University - Secret Key Cryptography - 87 Louisiana State University - Secret Key Cryptography - 88 CBC Plus Residue M 1 M 2 M 3 M pad IV Initialization Vector ENC ENC ENC ENC C 1 C 2 C 3 C residue Insuring Both Confidentiality and Integrity Replicating last CBC block doesn t work CBC the message + CRC not very strong P+I: use separate (but maybe related) secret keys for encryption and MIC (two encryption passes) Two keys twice the cryptographic power CBC with weak cryptographic checksum no evidence of problems CBC (message hash) it is more efficient than doing CBC twice if the hash function is faster than the encryption one Louisiana State University - Secret Key Cryptography - 89 Louisiana State University - Secret Key Cryptography - 90
16 Triple DES 3DES Encrypt-Decrypt-Encrypt (EDE) or 3DES Multiple encryption to compensate for the short basic DES key Making it more secure Standard practice: E(K 3, D(K 2, E(K 1, P))) K 1 =K 3 results an equivalent 112-bit DES which provides a sufficient key space, some systems use three keys but this is not standard Distinct K 1, K 2, K 3 results even stronger 18-bit DES Louisiana State University - Secret Key Cryptography - 91 Louisiana State University - Secret Key Cryptography - 92 Triple DES (Cont d) EDE: can run as a single DES with K 1 = K 2 More permutations DES3 Is Not Ideal... Efficiency demands schemes with longer keys to begin with! DES3 runs one third as fast as DES on the same platform New candidates are numerous - RC5, IDEA, two-fish, CAST, etc NIST is soliciting algorithms for federal standard Louisiana State University - Secret Key Cryptography - 93 Louisiana State University - Secret Key Cryptography - 9 IDEA International Data Encryption Algorithm ETH Zurich, 1991 Similar to DES: -bit blocks 128-bit keys IDEA was designed to be efficient in software No published weakness -bit 8-bit Input K1 Round 1 Round 2... Round 1 Round 17 IDEA Top View k 1 k 2 k 3 k k 5 k k 9 k 50 k 51 k bit Key key expansion Louisiana State University - Secret Key Cryptography bit Output Louisiana State University - Secret Key Cryptography - 9
17 IDEA Primitive Operations 2 1-bit to 1 1-bit + mod 2 1 mod ( ) Reversible Easy in software IDEA Key Expansion 128-bit key to 52 1-bit keys, K 1,, K 52 Encryption, decryption different But once generating the keys, the encryption and decryption operations are the same Chop off 1 bits at a time to get 8 1-bit keys Start at bit 25, chop (and wrap around) again to get next 8 1-bit keys Offsetting 25 more bits, repeat, until 52 keys are generated Louisiana State University - Secret Key Cryptography - 97 Louisiana State University - Secret Key Cryptography - 98 Key Expansion IDEA: One Round 128 bit key 17 rounds, even and odd K 1 K 2 K 3 K K 5 K K 7 K 8 -bit input divided into 1-bit: X a, X b, X c, X d Operations: get new X a, X b, X c, X d Odd rounds: K i : K a, K b, K c, K d 128 bit key K 9 K 10 K 11 K 12 K 13 K 1 K 15 K bit key First round: K 1, K 2, K 3, K Round 3: K 7, K 8, K 9, K 10 Even rounds: 2 K i : K e, K f Round 2: K 5, K Round : K 11, K 12 Louisiana State University - Secret Key Cryptography - 99 Louisiana State University - Secret Key Cryptography IDEA: Odd Round IDEA: Even Round X a = X a K a X b = X c + K c Mangler: Y out, Z out = f (Y in, Z in, K e, K f ) First step: X c = X b + K b Y in = X a X b X d = X d K d To decrypt, use the inverse (relative to the operations) of the keys Z in = X c X d Second Step, mangler: Y out = ((K e Y in ) + Z in ) K f Z out = (K e Y in ) + Y out Third step: X a = X a Y out, X b = X b Y out, X c = X c Z out, X d = X d Z out Louisiana State University - Secret Key Cryptography Louisiana State University - Secret Key Cryptography - 102
18 Decryption IDEA: Even Round (cont d) Use the same keys in inverse First round use K 9, K 50, K 51, K 52 Use the exact operations as encryption IDEA 128-bit key: Breaking by brute force search for the time being is imposible Seems to be the most secure block algorithm available to public The first version in 1990 Proposed Encryption Standard (PES). Evolved after publications of differential analysis Louisiana State University - Secret Key Cryptography AES AES = Advanced Encryption Standard public design process: NIST s request for proposals (1997) Winner: Rijndael (2000) Rijndael 128, 192, or 25-bit block size, 128, 192, or 25-bit key. algebraically designed s-boxes, input is divided into octets 10-1 rounds of: Byte substitution in every octet using s-box shifting (rotating) rows MixColumn spread octets according specified MicColumn table XOR with a RoundKey Decryption is by design similar to encryption Louisiana State University - Secret Key Cryptography - 10 Summary Block cipher design principles DES details Strength Simple, easy to implement: Hardware/gigabits/second, software/megabits/second 5-bit key DES may be acceptable for non-critical applications but triple DES (DES3) should be secure for most applications today Differential & Linear Cryptanalysis Modes of Operation ECB, CBC, CFB, OFB, CTR IDEA Louisiana State University - Secret Key Cryptography - 105
Chapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationSymmetric Cryptography. Chapter 6
Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream
More informationSymmetric Encryption Algorithms
Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm
More informationCryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles
Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working
More informationNetwork Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar
Network Security Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Modern Block Ciphers now look at modern block ciphers one of the most widely used types
More informationModern Block Ciphers
Modern Block Ciphers now look at modern block ciphers one of the most widely used types of cryptographic algorithms provide secrecy /authentication services focus on DES (Data Encryption Standard) to illustrate
More informationCENG 520 Lecture Note III
CENG 520 Lecture Note III Symmetric Ciphers block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationSecret Key Cryptography
Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:
More informationDouble-DES, Triple-DES & Modes of Operation
Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES
More informationBlock Encryption and DES
Block Encryption and DES Plain Text Block 1 Block 2 Block 3 Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available
More informationChapter 6 Contemporary Symmetric Ciphers
Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and
More informationModern Symmetric Block cipher
Modern Symmetric Block cipher 81 Shannon's Guide to Good Ciphers Amount of secrecy should determine amount of labour appropriate for encryption and decryption The set of keys and enciphering algorithm
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationBlock Cipher Operation. CS 6313 Fall ASU
Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES
More informationP2_L6 Symmetric Encryption Page 1
P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,
More informationBlock Ciphers and Data Encryption Standard. CSS Security and Cryptography
Block Ciphers and Data Encryption Standard CSS 322 - Security and Cryptography Contents Block Cipher Principles Feistel Structure for Block Ciphers DES Simplified DES Real DES DES Design Issues CSS 322
More informationCryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái
Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationSecret Key Cryptography
Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would
More information3 Symmetric Cryptography
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption
More information7. Symmetric encryption. symmetric cryptography 1
CIS 5371 Cryptography 7. Symmetric encryption symmetric cryptography 1 Cryptographic systems Cryptosystem: t (MCKK GED) (M,C,K,K,G,E,D) M, plaintext message space C, ciphertext message space K, K, encryption
More informationCryptography Symmetric Encryption Class 2
Cryptography Symmetric Encryption Class 2 Stallings: Ch 3 & 6 Stallings: Ch 4 CEN-5079: 18.January.2018 1 Symmetric Cryptosystems Encryption Key Decryption Key Plaintext Plaintext Encryption Algorithm
More informationNetwork Security 網路安全. Lecture 3 March 16, 2015 洪國寶
Network Security 網路安全 Lecture 3 March 16, 2015 洪國寶 1 Outline Review: Symmetric encryption -- Classical techniques (Cont.) Symmetric encryption -- Modern techniques secure encryption schemes modern symmetric
More informationL3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015
L3. An Introduction to Block Ciphers Rocky K. C. Chang, 29 January 2015 Outline Product and iterated ciphers A simple substitution-permutation network DES and AES Modes of operations Cipher block chaining
More information6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationCSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationUnit-II. Symmetric Ciphers. To emphasize the 2 categories of traditional ciphers:substitution and transposition ciphers.
Unit-II Symmetric Ciphers Objectives: To define the terms and contents of symmetric key ciphers. To emphasize the 2 categories of traditional ciphers:substitution and transposition ciphers. To describe
More informationpage 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas
Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher
More informationCS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES
CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES PREPARED BY R.CYNTHIA PRIYADHARSHINI AP/IT/SREC Block Ciphers A block cipher is an encryption/decryption scheme in which a block of plaintext is treated
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working on Stern's code, principally with
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationApplied Cryptography Data Encryption Standard
Applied Cryptography Data Encryption Standard Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 History DES has a checkered history. The book provided fascinating reading
More informationCryptography [Symmetric Encryption]
CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin,
More informationSymmetric Cryptography
CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?
More informationNetwork Security Essentials
Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationCIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)
CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation
More informationPRNGs & DES. Luke Anderson. 16 th March University Of Sydney.
PRNGs & DES Luke Anderson luke@lukeanderson.com.au 16 th March 2018 University Of Sydney Overview 1. Pseudo Random Number Generators 1.1 Sources of Entropy 1.2 Desirable PRNG Properties 1.3 Real PRNGs
More informationICT 6541 Applied Cryptography. Hossen Asiful Mustafa
ICT 6541 Applied Cryptography Hossen Asiful Mustafa Encryption & Decryption Key (K) Plaintext (P) Encrypt (E) Ciphertext (C) C = E K (P) Same Key (K) Ciphertext (C) Decrypt (D) Plaintext (P) P = D K (C)
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationSymmetric Cryptography CS461/ECE422
Symmetric Cryptography CS461/ECE422 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Section 2.4-2.6 and 12.2 in Security in Computing
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationCHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))
CHAPTER 6. SYMMETRIC CIPHERS Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationComputer Security Network Security Internet Security
Background Information Security requirements have changed in recent times traditionally provided by physical and administrative mechanisms computer use requires automated tools to protect files and other
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationConventional Encryption: Modern Technologies
Conventional Encryption: Modern Technologies We mentioned that the statistical weakness in substitution ciphers is that they don t change the frequency of alphabetic letters. For example, if a substitution
More informationCSCE 813 Internet Security Symmetric Cryptography
CSCE 813 Internet Security Symmetric Cryptography Professor Lisa Luo Fall 2017 Previous Class Essential Internet Security Requirements Confidentiality Integrity Authenticity Availability Accountability
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationChapter 6: Contemporary Symmetric Ciphers
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?
More informationSymmetric Encryption. Thierry Sans
Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion
More informationLecture 2: Secret Key Cryptography
T-79.159 Cryptography and Data Security Lecture 2: Secret Key Cryptography Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi 1 Reminder: Communication Model Adversary Eve Cipher, Encryption
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationCrypto: Symmetric-Key Cryptography
Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three
More informationEEC-484/584 Computer Networks
EEC-484/584 Computer Networks Lecture 23 wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Introduction to
More informationSimple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring.
UNIT II BLOCK CIPHER UNIT II Simple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring. 2.1 SIMPLIFIED DATA ENCRYPTION STANDARD (S-DES) The overall structure of the simplified
More informationSymmetric Key Cryptography
Symmetric Key Cryptography Michael Huth M.Huth@doc.ic.ac.uk www.doc.ic.ac.uk/~mrh/430/ Symmetric Key Cryptography (3.1) Introduction Also known as SECRET KEY, SINGLE KEY, PRIVATE KEY Sender and Receiver
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationBlock Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1
Block Ciphers Lucifer, DES, RC5, AES CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk Block Ciphers 1 ... Block Ciphers & S-P Networks Block Ciphers: Substitution ciphers
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General Considerations:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General Considerations: Secret Key Systems Encrypting a small block of text (say 64 bits) General Considerations: 1. Encrypted
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17
More informationLecture 3: Symmetric Key Encryption
Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07
More informationIntroduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function
More informationData Encryption Standard
ECE 646 Lecture 6 Data Encryption Standard Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th Edition, Chapter 3: Block Ciphers and the Data Encryption Standard Chapter 6.1: Multiple
More informationData Encryption Standard
ECE 646 Lecture 7 Data Encryption Standard Required Reading W. Stallings, "Cryptography and Network-Security," 5th Edition, Chapter 3: Block Ciphers and the Data Encryption Standard Chapter 6.1: Multiple
More informationNew Kid on the Block Practical Construction of Block Ciphers. Table of contents
New Kid on the Block Practical Construction of Block Ciphers Foundations of Cryptography Computer Science Department Wellesley College Fall 2016 Table of contents Introduction Substitution-permutation
More informationWeek 4. : Block Ciphers and DES
Week 4. : Block Ciphers and DES Model of Symmetric Cryptosystem Cryptanalyst Adversary M K E Insecure Channel D Plaintext M Ciphertext C Secure Channel Plaintext M Key K Shared Secret Key C = E K (M) D
More informationLecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24
Assume encryption and decryption use the same key. Will discuss how to distribute key to all parties later Symmetric ciphers unusable for authentication of sender Lecturers: Mark D. Ryan and David Galindo.
More informationUNIT - II Traditional Symmetric-Key Ciphers. Cryptography & Network Security - Behrouz A. Forouzan
UNIT - II Traditional Symmetric-Key Ciphers 1 Objectives To define the terms and the concepts of symmetric key ciphers To emphasize the two categories of traditional ciphers: substitution and transposition
More informationDarshan Institute of Engineering & Technology Page Information Security (IS) UNIT-2 Conventional Encryption Techniques
Q 1. Draw and explain Feistel s structure for encryption and decryption. The exact realization of Feistel network depends on the choice of which parameters? Feistel cipher is based on the idea that instead
More informationModes of Operation. Raj Jain. Washington University in St. Louis
Modes of Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at : http://www.cse.wustl.edu/~jain/cse567-06/
More informationCSC574: Computer & Network Security
CSC574: Computer & Network Security Lecture 3 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Modern Cryptography 2 Kerckhoffs Principles Modern cryptosystems
More informationFundamentals of Cryptography
Fundamentals of Cryptography Topics in Quantum-Safe Cryptography June 23, 2016 Part III Data Encryption Standard The Feistel network design m m 0 m 1 f k 1 1 m m 1 2 f k 2 2 DES uses a Feistel network
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationPrivate-Key Encryption
Private-Key Encryption Ali El Kaafarani Mathematical Institute Oxford University 1 of 50 Outline 1 Block Ciphers 2 The Data Encryption Standard (DES) 3 The Advanced Encryption Standard (AES) 4 Attacks
More informationComputational Security, Stream and Block Cipher Functions
Computational Security, Stream and Block Cipher Functions 18 March 2019 Lecture 3 Most Slides Credits: Steve Zdancewic (UPenn) 18 March 2019 SE 425: Communication and Information Security 1 Topics for
More informationConventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution
Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation
More informationCryptography 2017 Lecture 3
Cryptography 2017 Lecture 3 Block Ciphers - AES, DES Modes of Operation - ECB, CBC, CTR November 7, 2017 1 / 1 What have seen? What are we discussing today? What is coming later? Lecture 2 One Time Pad
More informationThe Rectangle Attack
The Rectangle Attack and Other Techniques for Cryptanalysis of Block Ciphers Orr Dunkelman Computer Science Dept. Technion joint work with Eli Biham and Nathan Keller Topics Block Ciphers Cryptanalysis
More informationHow many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?
Homework 1. Come up with as efficient an encoding as you can to specify a completely general one-to-one mapping between 64-bit input values and 64-bit output values. 2. Token cards display a number that
More informationSymmetric key cryptography
The best system is to use a simple, well understood algorithm which relies on the security of a key rather than the algorithm itself. This means if anybody steals a key, you could just roll another and
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously on COS 433 Pseudorandom Permutations unctions that look like random permutations Syntax: Key space K (usually {0,1}
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationLecture 4. Encryption Continued... Data Encryption Standard (DES)
Lecture 4 Encryption Continued... 1 Data Encryption Standard (DES) 64 bit input block 64 bit output block 16 rounds 64 (effective 56) bit key Key schedule computed at startup Aimed at bulk data >16 rounds
More informationIDEA, RC5. Modes of operation of block ciphers
C 646 - Lecture 8 IDA, RC5 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationCryptography (cont.)
CSE 484 / CSE M 584 (Autumn 2011) Cryptography (cont.) Daniel Halperin Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others
More informationBlock Ciphers and Stream Ciphers. Block Ciphers. Stream Ciphers. Block Ciphers
Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2... M N. Then, each block M i is encrypted to the ciphertext block C i = K (M i ), and
More informationCryptography III: Symmetric Ciphers
Cryptography III: Symmetric Ciphers Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 14th February 2008 Outline Stream ciphers Block ciphers DES and Rijndael Summary
More information