Chap. 3. Symmetric Key Crypto (Block Ciphers)
|
|
- Jeremy Casey
- 5 years ago
- Views:
Transcription
1 Introduction to SW Security Chap. 3. Symmetric Key Crypto (Block Ciphers) Spring, 28 Cho, Seong-je ( 조성제 ) sjcho at dankook.ac.kr
2 Many slides taken from Textbook (Its site), and Web sites Textbook M. T. Goodrich and R. Tamassia, Introduction to Computer Security, Pearson (Addison-Wesley) page?isbn= &forced_logout=forced_logged_out Many photos in presentation licensed from google images or wikipedia 2
3 Contents Symmetric Key Crypto Block cipher DES (Data Encryption Standard) AES (Advanced Encryption Standard) : Rijndael (rain-dahl) Block cipher modes of operation Stream cipher 3
4 Learning Objectives After studying this, you should be able to: Explain the basic operation of symmetric block encryption algorithms Describe the structure and function of AES Distinguish among the major block cipher modes of operation Understand its inner working and uses Focus more on the how than the why To understand : why -> need to understand cryptanalysis (Chapter 6) Discuss the issues involved in key distribution 4
5 Block Cipher Plaintext and Ciphertext consists of fixed sized blocks Design goal: security and efficiency It is not easy to design a block cipher that is secure and efficient Block cipher key determines a electronic codebook Each key yields a different codebook Employ both confusion and diffusion Example of Block ciphers DES, AES, SEED, Blowfish, RC6 International Data Encryption Algorithm (IEDA) 5
6 Block Ciphers Blocks of letters encrypted simultaneously Many modern cryptosystems (AES, RSA) are also block ciphers In a block cipher: Plaintext and ciphertext have fixed length b (e.g., 128 bits) A plaintext of length n is partitioned into a sequence of m blocks, P[0],, P[m 1], where n b*m n + b Each message is divided into a sequence of blocks and encrypted or decrypted in terms of its blocks. Plaintext Requires padding with extra bits. Blocks of plaintext 6
7 (Iterated) Block Cipher Ciphertext obtained from plaintext by iterating a round function Input to round function consists of key and the output of previous round Usually implemented in software Typical Type is Feistel Cipher 7
8 Feistel Cipher Feistel cipher refers to a type of block cipher design, not a specific cipher Split plaintext block into left and right halves: Plaintext = (L 0,R 0 ) For each round i=1,2,...,n, compute L i = R i 1 R i = L i 1 F(R i 1,K i ) where F is round function and K i is subkey Ciphertext = (L n,r n ) Decryption: Ciphertext = (L n,r n ) For each round i=n,n 1,,1, compute R i 1 = L i L i 1 = R i F(R i 1,K i ) where F is round function and K i is subkey Plaintext = (L 0,R 0 ) Formula works for any function F But only secure for certain functions F Ex: F(R i-1, K i ) = 0 for all R i-1 and K i -> not secure 8
9 Padding Block ciphers require the length n of the plaintext to be a multiple of the block size b Padding the last block needs to be unambiguous (cannot just add zeroes) When the block size and plaintext length are a multiple of 8, a common padding method (PKCS5) is a sequence of identical bytes, each indicating the length (in bytes) of the padding Example for b = 128 bits (16 bytes) Plaintext: Roberto (7 bytes) Padded plaintext: Roberto (16 bytes), where 9 denotes the number and not the character We need to always pad the last block, which may consist only of padding 9
10 Block Ciphers in Practice Data Encryption Standard (DES) Developed by IBM and adopted by NIST in 1977 Based on IBM Lucifer cipher DES is a Feistel cipher 64-bit blocks and 56-bit keys 16 rounds 48 bits of key used each round (subkey) Security depends primarily on S-boxes Each S-boxes maps 6 bits to 4 bits Total 8 S-boxes Small key space makes exhaustive search attack feasible since late 90s
11 One Round of DES L R key expand L Compress R S-boxes(8) 32 P Box L R 32 key Next Slide
12 DES S-box 8 substitution boxes or S-boxes Each S-box maps 6 bits to 4 bits S-box number 1 input bits (0,5) input bits (1,2,3,4)
13 Security of DES Security of DES depends a lot on S-boxes Everything else in DES is linear Thirty years of intense analysis has revealed no back door Attacks today use exhaustive key search Inescapable conclusions Designers of DES knew what they were doing Designers of DES were ahead of their time 13
14 Block Ciphers in Practice Triple DES (3DES) Nested application of DES with three different keys KA, KB, and KC Effective key length is 168 bits, making exhaustive search attacks unfeasible C = E KC (D KB (E KA (P))); P = D KA (E KB (D KC (C))) Equivalent to DES when KA=KB=KC (backward compatible) But practically, Triple DES is C = E(D(E(P,K 1 ),K 2 ),K 1 ) P = D(E(D(C,K 1 ),K 2 ),K 1 ) (2 bit key) Advanced Encryption Standard (AES) Selected by NIST in 20 through open international competition and public discussion 128-bit blocks and several possible key lengths: 128, 192 and 256 bits Exhaustive search attack not currently possible AES-256 is the symmetric encryption algorithm of choice 14
15 DES vs. AES Date? 15
16 Triple DES 16
17 Advanced Encryption Standard (AES) AES animation:
18 AES Crypt A file encryption software available on several operating systems that uses the industry standard AES to easily and securely encrypt files. You do not need to be an expert to use AES Crypt, nor do you need to understand cryptography. Using a powerful 256-bit encryption algorithm, AES Crypt can safely secure your most sensitive files. AES Crypt is completely free open source software 18
19 How was AES created? DES was broken: Key size is too small Brute force attack is possible Attacked by exhaustive key search: Special purpose DES crackers and distributed attack at internet Triple-DES is very resistant to crypto analysis but, No efficient software code Too slow: 3 times as many rounds as DES 3DES use 64-bit block size: for reasons of both efficient and security, a larger block size desirable So, 3DES is not solution for long-term use In 1997, NIST made a formal call for advanced encryption standard algorithms 19
20 How was AES created? Goal: replace DES for both government and private sector encryption AES Competition Requirements Unclassified, publicly disclosed encryption algorithm, available royaltyfree, worldwide. Private key symmetric block cipher Block sizes of 128-bits, 128/192/256-bit keys Stronger & faster than Triple-DES Provide full specification & design details Both C & Java implementations 15 candidates accepted in Jun 98 5 were shortlisted in Aug 99 Rijndael, MARS, RC6, Serpent, Twofish 20
21 AES Evaluation Criteria initial criteria: security effort for practical cryptanalysis Resistance to cryptanalysis, soundness of math, randomness of output, etc. Speed in terms of computational efficiency (cost) and memory requirements algorithm & implementation characteristics Flexibility, hardware & software suitability, algorithm simplicity final criteria general security: 3 년의평가기간동안암호학계에서수행된보안성분석 ease of software & hardware implementation implementation attacks 시간공격 : 컴퓨터가메시지를해독하는데걸리는시간을추적유지하여키결정 전력분석공격 : 특정시간에소비한전력은처리되는데이터에관련됨 (1 을 write 하는것이 0 을 write 하는것보다많은전력소비 ) flexibility (in en/decrypt, keying, other factors) 키와블록크기에대한지원의용이성 새로운공격에대응하는라운드횟수의증가용이성 21
22 Comparison of AES, 3DES and DES 22
23 The AES Cipher - Rijndael Rijndael (rain-dahl) was selected as the AES in Oct-20 Designed by Vincent Rijmen ( 빈센트라이먼 ) and Joan Daemen ( 존데이먼 ) in Belgium Issued as FIPS PUB 197 standard in Nov-20 An iterative rather than Feistel cipher Iterated block cipher (like DES) Not a Feistel cipher (unlike DES) processes data as block of 4 columns of 4 bytes (128 bits) operates on entire data block in every round Plaintext (128 bits) AES Key ( bits) Ciphertext (128 bits) 23
24 The Advanced Encryption Standard (AES) AES is a block cipher that operates on 128-bit blocks. Key size of 128-, 192-, or 256-bits Variable number of rounds (, 12, 14): if B = K = 128 bits 12 if either B or K is 192 and the other is if either B or K is 256 bits 128-bit round key used for each round: 128 bits = 16 bytes = 4 words needs Nr+1 round keys for Nr rounds needs 44 words for 128-bit key ( rounds) 24
25 AES Round Structure The 128-bit version of the AES encryption algorithm proceeds in ten rounds. Each round performs an invertible transformation on a 128-bit array, called state. State: 4X4 array of bytes 128 bits = 16 bytes The initial state X 0 is the XOR of the plaintext P with the key K: X 0 = P XOR K. Round i (i = 1,, ) receives state X i-1 as input and produces state X i. The ciphertext C is the output of the final round: C = X. 25
26 Overall Structure 26
27 AES Overview Each round uses 4 functions (in 3 layers ) 4 functions: 1 of permutation and 3 substitutions 3 layers: Linear, Nonlinear and Key addition Permutation Linear mixing layer: ShiftRow (State) Substitutions Nonlinear layer: SubBytes (State, S-box) Nonlinear layer: MixColumn (State) Key addition layer: AddRoundKey (State, KeyNr) 27
28 Multiple Rounds Rounds are (almost) identical First and last round are a little different AES parameters Nb Number of columns in the State Nb = 4 Nk Number of 32- bit words in the Key Nk = 4, 6, or 8 Nr Number of rounds (function of Nb and Nk) Nr =, 12, or bits = 16 bytes = 4-by-4 table of bytes = 4 words (1 word= 4 bytes) 28
29 Data Unit 128 bits = 16 bytes = 4-by-4 table of bytes = 4 words (1 word= 4 bytes) 29
30 High level description Key Expansion Round keys are derived from the cipher key using Rijndael's key schedule Initial Round AddRoundKey : Each byte of the state is combined with the round key using bitwise xor Rounds Final Round SubBytes : non-linear substitution step ShiftRows : transposition step MixColumns : mixing operation of each column. AddRoundKey SubBytes ShiftRows AddRoundKey Changing Plaintext to State: 1 block = 128 bits = 16 bytes = a 4-by-4 array of states Total 16 states: each state s i,j = 8 bits = 1 byte 30
31 AES: High-Level Description State: 4 X 4 array of bytes: 128 bits = 16 bytes State = X AddRoundKey(State, Key0) for r = 1 to Nr - 1 SubBytes(State, S-box) ShiftRows(State) MixColumns(State) AddRoundKey(State, KeyNr) endfor SubBytes(State, S-box) ShiftRows(State) AddRoundKey(State, KeyNr) Y = State (op1) (op2) (op3) (op4) 31
32 Changing Plaintext to State 128 bits = 16 bytes = 16 states = 4 words 32
33 Each Round Each round is built from four basic steps: 1. SubBytes step: an S-box substitution step 2. ShiftRows step: a permutation step 3. MixColumns step: a matrix multiplication step 4. AddRoundKey step: an XOR step with a round key derived from the 128-bit encryption key 33
34 1. SubBytes step The SubBytes operation involves 16 independent byte-to-byte transformations. S 1,1 = xy 16 Interpret the byte as two hexadecimal digits xy SW implementation, use row (x) and column (y) as lookup pointer CC DD AA EE BB FF 34
35 1. SubBytes step Replace each byte in the state array with its corresponding value from the S-Box There is an InvSubBytes Table for decryption The SubBytes and InvSubBytes transformations are inverses of each other 35
36 AES S-box Example: 0x53 is replaced with 0xED Last 4 bits of input First 4 bits of input 36
37 2. ShifRows step Shifting, which permutes the bytes. A circular byte shift in each each 1 st row is unchanged 2 nd row does 1 byte circular shift to left 3rd row does 2 byte circular shift to left 4th row does 3 byte circular shift to left In the encryption, the transformation is called ShiftRows In the decryption, the transformation is called InvShiftRows and the shifting is to the right 37
38 2. ShifRows step ShiftRows and InvShiftRows 38
39 3. MixColumns step ShiftRows and MixColumns provide diffusion to the cipher Each column is processed separately Each byte is replaced by a value dependent on all 4 bytes in the column Effectively a matrix multiplication in GF(2 8 ) using prime poly m(x) =x 8 +x 4 +x 3 +x+1 39
40 3. MixColumns step The MixColumns transformation operates at the column level; it transforms each column of the state to a new column. S 0,c = ({02} S 0,c ) ({03} S 1,c ) S 2,c S 3,c S 1,c = S 0,c ({02} S 1,c ) ({03} S 2,c ) S 3,c S 2,c = S 0,c S 1,c ({02} S 2,c ) ({03} S 3,c ) S 3,c = ({03} S 0,c ) S 1,c S 2,c ({02} S 3,c 40
41 4. AddRoundKey XOR state with 128-bits of the RoundKey (Subkey) RoundKey (subkey) determined by key schedule algorithm takes 128-bits (16-bytes) key and expands into array of bit words AddRoundKey proceeds one column at a time. adds a round key word with each state column matrix the operation is matrix addition Inverse for decryption identical since XOR own inverse, with reversed keys 41
42 4. AddRoundKey Example of expansion of a 128-bit cipher key Cipher key = 2b7e151628aed2a6abf cf4f3c w0=2b7e1516 w1=28aed2a6 w2=abf71588 w3=09cf4f3c 42
43 Key Expansion Scheme takes 128-bits (16-bytes) key and expands into array of bit words 43
44 Key Expansion Scheme 라운드상수 각라운드상수 RCon 은 4 바이트값으로오른쪽의 3 바이트는 0 [ 표 ] 각라운드에서사용하는상수값 RCon 44
45 AES Round Summary 45
46 AES Decryption To decrypt, process must be invertible Inverse of AddRoundKey is easy, since is its own inverse MixColumn is invertible (inverse is also implemented as a lookup table) Inverse of ShiftRow is easy (cyclic shift the other direction) SubBytes is invertible (inverse is also implemented as a lookup table) 46
47 AES Design Rationale Substitute Bytes To be resistant to known cryptanalytic attacks by making a low correlation between input bits and output bits. Shift Row Note input and output are treated as State(4X4 array) To move an individual byte from one column to another Mix Column To ensure a good mixing the bytes of each column Add Round Key To affect every bit of State The complexity of the round key expension ensure security 47
48 Block cipher modes of operation ECB / CBC / CFB / OFB / CTR 48
49 Symmetric cipher encryption How to encrypt multiple blocks? A new key for each block? As bad as (or worse than) a one-time pad! Encrypt each block independently? Make encryption depend on previous block(s), i.e., chain the blocks together? How to handle partial blocks? 49
50 Mode of operation of Block Cipher 블록암호는특정한길이의블록단위로동작하기때문에, 가변길이데이터를암호화하기위해서는먼저이들을단위블록들로나누어야하며, 그리고그블록들을어떻게암호화할지를정해야하는데, 이때블록들의암호화방식을운용모드라고부른다 Block: a fixed-length data A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block 평문의길이가블록암호의블록크기보다클경우에는어떻게블록암호를적용할것인가? 이런문제점을해결하고다양한응용환경하에적절한암호화도구로사용할수있는여러유형의효율적인운영방식들을제시하고있다. 이러한방식들을블록암호모드라고한다. 50
51 Modes of Operations Block Cipher Modes The way a block cipher encrypts and decrypts a sequence of message blocks. Many encryption ways (modes of operation) for multiple block cipher Mode of operation of Block cipher Electronic Codebook (ECB) mode Encrypt each block independently Cipher-Block Chaining (CBC) mode Chain the blocks together More secure than ECB, virtually no extra work Cipher-Feedback (CFB) mode Output Feedback (OFB) mode Counter (CTR) mode Popular for random access Data integrity of block cipher Message Authentication code (MAC) 51
52 ECB Mode Electronic Code Book (ECB) Mode (is the simplest): Block P[i] encrypted into ciphertext block C[i] = E K (P[i]) Block C[i] decrypted into plaintext block M[i] = D K (C[i]) Public domain images from and 52
53 ECB Cut and Paste Attack Suppose plaintext is Alice digs Bob. Trudy digs Tom. Assuming 64-bit blocks and 8-bit ASCII: P 0 = Alice di, P 1 = gs Bob., P 2 = Trudy di, P 3 = gs Tom. Ciphertext: C 0, C 1, C 2, C 3 Trudy cuts and pastes attack: C 0, C 3, C 2, C 1 Decrypts as Alice digs Tom. Trudy digs Bob. 53
54 EBC Weakness Suppose P i = P j Then C i = C j and Trudy knows P i = P j This gives Trudy some information, even if she does not know P i or P j We should not give the cryptanalyst anything for free. Trudy might know P i Alice s original image & Alice s encrypted image Why does this happen? Same plaintext block Same ciphertext! 54
55 Strengths and Weaknesses of ECB Strengths: Is very simple Allows for parallel encryptions of the blocks of a plaintext Can tolerate the loss or damage of a block Weakness: 동일한평문블록이동일한암호문블록으로나타남 Documents and images are not suitable for ECB encryption since patters in the plaintext are repeated in the ciphertext: 암호문을보면평문속에패턴이반복됨을알수있음 블록위치변조공격가능 : 공격자가암호문블록을서로변경할경우, 수신자가모를수있음 55
56 Cipher Block Chaining (CBC) Mode Blocks are chained together The previous ciphertext block is combined with the current plaintext block C[i] = E K (C[i 1] P[i]) C[ 1] = IV, is random initialization vector, but need not be secret Decryption: P[i] = C[i 1] D K (C[i]) 암호문블록이 1개파손되었다면, 암호문블록의길이가바뀌지않는다면복호화했을때에평문블록에미치는영향은 2개블록에한정됨 CBC Encryption: CBC Decryption: P[0] P[1] P[2] P[3] P[0] P[1] P[2] P[3] IV IV E K E K E K E K D K D K D K D K C[0] C[1] C[2] C[3] C[0] C[1] C[2] C[3] 56
57 Strengths and Weaknesses of CBC Strengths: Identical plaintext blocks yield different ciphertext blocks Doesn t show patterns in the plaintext the most common mode fast and relatively simple Weaknesses: CBC requires the reliable transmission of all the blocks sequentially It cannot be parallelized CBC is not suitable for applications that allow packet losses (e.g., music and video streaming) Cut and paste is still possible, but more complex (and will cause garbles) If C 1 is garbled to, say, G then P 1 C 0 D(G, K), P 2 G D(C 2, K) But P 3 = C 2 D(C 3, K), P 4 = C 3 D(C 4, K), Automatically recovers from errors! 57
58 Counter (CTR) mode CTR is popular for random access Every step of encryption and decryption can be in parallel We perform encryption through an exclusive-or with a generated pad We start with a random seed, Counter (= IV) 58
59 Java AES Encryption Example Source Generate an AES key KeyGenerator keygen = KeyGenerator.getInstance("AES"); SecretKey aeskey = keygen.generatekey(); Create a cipher object for AES in ECB mode and PKCS5 padding Encrypt Decrypt Cipher aescipher; aescipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); aescipher.init(cipher.encrypt_mode, aeskey); byte[] plaintext = "My secret message".getbytes(); byte[] ciphertext = aescipher.dofinal(plaintext); aescipher.init(cipher.decrypt_mode, aeskey); byte[] plaintext1 = aescipher.dofinal(ciphertext); 59
60 Libraries Implementation Company Development source Description Libgcrypt OpenSSL GnuPG community and gcode The OpenSSL Project C C al/libgcrypt.html libmcrypt C Replacement for the old crypt() package. mcrypt (3) Linux man page MCRYPT mcrypt_module_open( char *algorithm, char* algorithm_directory, char* mode, char* mode_directory); int mcrypt_generic_init( MCRYPT td, void *key, int lenofkey, void *IV); int mcrypt_generic( MCRYPT td, void *plaintext, int len); int mdecrypt_generic( MCRYPT td, void *ciphertext, int len); int mcrypt_generic_end( MCRYPT td); int mcrypt_generic_deinit( MCRYPT td); 60
61 Summary Encryption provides confidentiality AES was designed after DES. The algorithms used in AES are so simple that they can be easily implemented using cheap processors and a minimum amount of memory. Most of the known attacks on DES were already tested on AES. Brute-Force Attack AES is definitely more secure than DES due to the larger-size key. Statistical Attacks Numerous tests have failed to do statistical analysis of the ciphertext 61 Computer Security & OS Lab , S 15
Cryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 5 Advanced Encryption Standard Advance Encryption Standard Topics Origin of AES Basic AES Inside Algorithm Final Notes Origins
More informationENEE 459-C Computer Security. Symmetric key encryption in practice: DES and AES algorithms
ENEE 459-C Computer Security Symmetric key encryption in practice: DES and AES algorithms A perfect encryption of a block Say you have a block of n bits You want to encrypt it You want to use the same
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 6: Advanced Encryption Standard (AES) Ion Petre Department of IT, Åbo Akademi University 1 Origin of AES 1999: NIST
More informationFundamentals of Cryptography
Fundamentals of Cryptography Topics in Quantum-Safe Cryptography June 23, 2016 Part III Data Encryption Standard The Feistel network design m m 0 m 1 f k 1 1 m m 1 2 f k 2 2 DES uses a Feistel network
More informationWeek 5: Advanced Encryption Standard. Click
Week 5: Advanced Encryption Standard Click http://www.nist.gov/aes 1 History of AES Calendar 1997 : Call For AES Candidate Algorithms by NIST 128-bit Block cipher 128/192/256-bit keys Worldwide-royalty
More informationIntroduction to Symmetric Cryptography
Introduction to Symmetric Cryptography Tingting Chen Cal Poly Pomona 1 Some slides are from Dr. Cliff Zou. www.cs.ucf.edu/~czou/cis3360-12/ch08-cryptoconcepts.ppt Basic Cryptography Private Key Cryptography
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5a January 29, 2013 CPSC 467b, Lecture 5a 1/37 Advanced Encryption Standard AES Alternatives CPSC 467b,
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5 January 23, 2012 CPSC 467b, Lecture 5 1/35 Advanced Encryption Standard AES Alternatives CPSC 467b,
More informationLecture 2: Secret Key Cryptography
T-79.159 Cryptography and Data Security Lecture 2: Secret Key Cryptography Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi 1 Reminder: Communication Model Adversary Eve Cipher, Encryption
More informationECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 7 September 23, 2015 CPSC 467, Lecture 7 1/1 Advanced Encryption Standard AES Alternatives CPSC 467,
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationCENG 520 Lecture Note III
CENG 520 Lecture Note III Symmetric Ciphers block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process
More informationSymmetric Cryptography CS461/ECE422
Symmetric Cryptography CS461/ECE422 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Section 2.4-2.6 and 12.2 in Security in Computing
More informationL3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015
L3. An Introduction to Block Ciphers Rocky K. C. Chang, 29 January 2015 Outline Product and iterated ciphers A simple substitution-permutation network DES and AES Modes of operations Cipher block chaining
More informationModern Symmetric Block cipher
Modern Symmetric Block cipher 81 Shannon's Guide to Good Ciphers Amount of secrecy should determine amount of labour appropriate for encryption and decryption The set of keys and enciphering algorithm
More informationSymmetric Encryption Algorithms
Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm
More informationBlock Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1
Block Ciphers Lucifer, DES, RC5, AES CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk Block Ciphers 1 ... Block Ciphers & S-P Networks Block Ciphers: Substitution ciphers
More informationBlock Ciphers. Secure Software Systems
1 Block Ciphers 2 Block Cipher Encryption function E C = E(k, P) Decryption function D P = D(k, C) Symmetric-key encryption Same key is used for both encryption and decryption Operates not bit-by-bit but
More informationAES Advanced Encryption Standard
AES Advanced Encryption Standard AES is iterated block cipher that supports block sizes of 128-bits and key sizes of 128, 192, and 256 bits. The AES finalist candidate algorithms were MARS, RC6, Rijndael,
More informationJaap van Ginkel Security of Systems and Networks
Jaap van Ginkel Security of Systems and Networks November 4, 2013 Part 4 Modern Crypto Block Ciphers (Iterated) Block Cipher Plaintext and ciphertext consist of fixed-sized blocks Ciphertext obtained from
More informationCryptographic Algorithms - AES
Areas for Discussion Cryptographic Algorithms - AES CNPA - Network Security Joseph Spring Department of Computer Science Advanced Encryption Standard 1 Motivation Contenders Finalists AES Design Feistel
More informationSymmetric Key Cryptography
Symmetric Key Cryptography Michael Huth M.Huth@doc.ic.ac.uk www.doc.ic.ac.uk/~mrh/430/ Symmetric Key Cryptography (3.1) Introduction Also known as SECRET KEY, SINGLE KEY, PRIVATE KEY Sender and Receiver
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More information7. Symmetric encryption. symmetric cryptography 1
CIS 5371 Cryptography 7. Symmetric encryption symmetric cryptography 1 Cryptographic systems Cryptosystem: t (MCKK GED) (M,C,K,K,G,E,D) M, plaintext message space C, ciphertext message space K, K, encryption
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 4 The Advanced Encryption Standard (AES) Israel Koren ECE597/697 Koren Part.4.1
More informationChapter 7 Advanced Encryption Standard (AES) 7.1
Chapter 7 Advanced Encryption Standard (AES) 7.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 7 Objectives To review a short history of AES To define
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationSecret Key Cryptography
Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:
More informationSecret Key Cryptography
Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would
More informationSymmetric Key Cryptosystems. Definition
Symmetric Key Cryptosystems Debdeep Mukhopadhyay IIT Kharagpur Definition Alice and Bob has the same key to encrypt as well as to decrypt The key is shared via a secured channel Symmetric Ciphers are of
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationL3: Basic Cryptography II. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L3: Basic Cryptography II Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 8/29/2016 CSCI 451 -Fall 2016 1 Acknowledgement Many slides are from or
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationUNIT - II Traditional Symmetric-Key Ciphers. Cryptography & Network Security - Behrouz A. Forouzan
UNIT - II Traditional Symmetric-Key Ciphers 1 Objectives To define the terms and the concepts of symmetric key ciphers To emphasize the two categories of traditional ciphers: substitution and transposition
More informationUnderstanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009
Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 29 These slides were prepared by Daehyun Strobel, Christof
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationCSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More informationpage 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas
Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationSymmetric Encryption. Thierry Sans
Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion
More informationCrypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion
Crypto Basics Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion 1 What is a cryptosystem? K = {0,1} l P = {0,1} m C = {0,1} n, C C E: P K C D: C
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?
More informationLecture 4. Encryption Continued... Data Encryption Standard (DES)
Lecture 4 Encryption Continued... 1 Data Encryption Standard (DES) 64 bit input block 64 bit output block 16 rounds 64 (effective 56) bit key Key schedule computed at startup Aimed at bulk data >16 rounds
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationSymmetric Cryptography. Chapter 6
Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream
More informationNetwork Security Essentials
Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science
More informationCryptography and Network Security
Cryptography and Network Security CRYPTOGRAPHY AND NETWORK SECURITY PRAKASH C. GUPTA Former Head Department of Information Technology Maharashtra Institute of Technology Pune Delhi-110092 2015 CRYPTOGRAPHY
More information3 Symmetric Cryptography
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationBlock Ciphers Introduction
Technicalities Block Models Block Ciphers Introduction Orr Dunkelman Computer Science Department University of Haifa, Israel March 10th, 2013 Orr Dunkelman Cryptanalysis of Block Ciphers Seminar Introduction
More informationSymmetric-Key Cryptography
Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016 Announcements Project due Sept 20 Special guests Alice Bob The attacker (Eve - eavesdropper, Malice) Sometimes Chris
More informationIntroduction to Cryptology. Lecture 17
Introduction to Cryptology Lecture 17 Announcements HW7 due Thursday 4/7 Looking ahead: Practical constructions of CRHF Start Number Theory background Agenda Last time SPN (6.2) This time Feistel Networks
More informationPart XII. From theory to practice in cryptography
Part XII From theory to practice in cryptography FROM CRYPTO-THEORY to CRYPTO-PRACTICE FROM CRYPTO-THEORY to CRYPTO-PRACTICE In this chapter we deal with several applied cryptography methods, systems and
More informationCSC574: Computer & Network Security
CSC574: Computer & Network Security Lecture 3 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Modern Cryptography 2 Kerckhoffs Principles Modern cryptosystems
More informationScanned by CamScanner
Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Symmetric-Key Cryptography CS 161: Computer Security
More informationEncryption Details COMP620
Encryption Details COMP620 Encryption is a powerful defensive weapon for free people. It offers a technical guarantee of privacy, regardless of who is running the government It s hard to think of a more
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationSymmetric Cryptography. CS4264 Fall 2016
Symmetric Cryptography CS4264 Fall 2016 Correction: TA Office Hour Stefan Nagy (snagy2@vt.edu) Office hour: Thursday Friday 10-11 AM, 106 McBryde Hall 2 Slides credit to Abdou Illia RECAP AND HIGH-LEVEL
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationCS Network Security. Module 6 Private Key Cryptography
CS 393 - Network Security Module 6 Private ey Cryptography Data Encryption Encryption is the process of encoding a message such that its meaning is not obvious. Decryption is the reverse process, ie, transforming
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationImplementation of Full -Parallelism AES Encryption and Decryption
Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption
More informationBlock Ciphers and Data Encryption Standard. CSS Security and Cryptography
Block Ciphers and Data Encryption Standard CSS 322 - Security and Cryptography Contents Block Cipher Principles Feistel Structure for Block Ciphers DES Simplified DES Real DES DES Design Issues CSS 322
More informationOptimized AES Algorithm Using FeedBack Architecture Chintan Raval 1, Maitrey Patel 2, Bhargav Tarpara 3 1, 2,
Optimized AES Algorithm Using FeedBack Architecture Chintan Raval 1, Maitrey Patel 2, Bhargav Tarpara 3 1, 2, Pursuing M.Tech., VLSI, U.V.Patel college of Engineering and Technology, Kherva, Mehsana, India
More informationSymmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.
Symmetric Key Encryption Symmetric Key Encryption and 3- Tom Chothia Computer Security: Lecture 2 Padding Block cipher modes Advanced Encryption Standard ( AES ) AES is a state-of-the-art block cipher.
More informationPrivate-Key Encryption
Private-Key Encryption Ali El Kaafarani Mathematical Institute Oxford University 1 of 50 Outline 1 Block Ciphers 2 The Data Encryption Standard (DES) 3 The Advanced Encryption Standard (AES) 4 Attacks
More informationComp527 status items. Crypto Protocols, part 2 Crypto primitives. Bart Preneel July Install the smart card software. Today
Comp527 status items Crypto Protocols, part 2 Crypto primitives Today s talk includes slides from: Bart Preneel, Jonathan Millen, and Dan Wallach Install the smart card software Bring CDs back to Dan s
More informationLecture 3: Symmetric Key Encryption
Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07
More informationICT 6541 Applied Cryptography. Hossen Asiful Mustafa
ICT 6541 Applied Cryptography Hossen Asiful Mustafa Encryption & Decryption Key (K) Plaintext (P) Encrypt (E) Ciphertext (C) C = E K (P) Same Key (K) Ciphertext (C) Decrypt (D) Plaintext (P) P = D K (C)
More informationImplementation and Performance analysis of Skipjack & Rijndael Algorithms. by Viswnadham Sanku ECE646 Project Fall-2001
Implementation and Performance analysis of Skipjack & Rijndael Algorithms by Viswnadham Sanku ECE646 Project Fall-2001 TABLE OF CONTENTS TABLE OF CONTENTS 2 1. OBJECTIVE 3 2. SKIPJACK CIPHER 3 2.1 CIPHER
More informationEEC-484/584 Computer Networks
EEC-484/584 Computer Networks Lecture 23 wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Introduction to
More information6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a
More informationCS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES
CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES PREPARED BY R.CYNTHIA PRIYADHARSHINI AP/IT/SREC Block Ciphers A block cipher is an encryption/decryption scheme in which a block of plaintext is treated
More informationHOST Cryptography III ECE 525 ECE UNM 1 (1/18/18)
AES Block Cipher Blockciphers are central tool in the design of protocols for shared-key cryptography What is a blockcipher? It is a function E of parameters k and n that maps { 0, 1} k { 0, 1} n { 0,
More informationCourse Business. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Allowed to bring one index card (double sided) Location: Right here
Course Business Midterm is on March 1 Allowed to bring one index card (double sided) Final Exam is Monday, May 1 (7 PM) Location: Right here 1 Cryptography CS 555 Topic 18: AES, Differential Cryptanalysis,
More informationCSc 466/566. Computer Security. 6 : Cryptography Symmetric Key
1/56 CSc 466/566 Computer Security 6 : Cryptography Symmetric Key Version: 2012/02/22 16:14:16 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian Collberg
More informationModern Block Ciphers
Modern Block Ciphers now look at modern block ciphers one of the most widely used types of cryptographic algorithms provide secrecy /authentication services focus on DES (Data Encryption Standard) to illustrate
More informationCS 392/681 Computer Security. Module 1 Private Key Cryptography
CS 392/681 Computer Security Module 1 Private Key Cryptography Logistics Office hours Thursday 3 to 5 (tentative). Lab 0 due today. Lab 1 assigned. Due next Thursday!! ISIS is still unstable. Will fix
More informationOutline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org Outline Review
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationCIT 380: Securing Computer Systems. Symmetric Cryptography
CIT 380: Securing Computer Systems Symmetric Cryptography Topics 1. Modular Arithmetic 2. What is Cryptography? 3. Transposition Ciphers 4. Substitution Ciphers 1. Cæsar cipher 2. Vigènere cipher 5. Cryptanalysis:
More informationCryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái
Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationThe Encryption Standards
The Encryption Standards Appendix F Version 1.0 Computer Security: Art and Science, 2 nd Edition Slide F-1 Outline Data Encryption Standard Algorithm Advanced Encryption Standard Background mathematics
More informationBlock Ciphers. Advanced Encryption Standard (AES)
Network Security - ISA 656 Angelos Stavrou September 28, 2008 Codes vs. K = {0, 1} l P = {0, 1} m C = {0, 1} n, C C E : P K C D : C K P p P, k K : D(E(p, k), k) = p It is infeasible to find F : P C K Let
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationChapter 6: Contemporary Symmetric Ciphers
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?
More informationLecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24
Assume encryption and decryption use the same key. Will discuss how to distribute key to all parties later Symmetric ciphers unusable for authentication of sender Lecturers: Mark D. Ryan and David Galindo.
More informationCIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)
CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationCrypto: Symmetric-Key Cryptography
Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three
More information