DIFFUSION AND TIME ANALYSIS FOR AES CANDIDATES

Transcription

1 International Journal of Mathematics and Computer Applications Research (IJMCAR) ISSN Vol. 3, Issue 2, Jun 2013, TJPRC Pvt. Ltd. DIFFUSION AND TIME ANALYSIS FOR AES CANDIDATES MOHAN.H.S 1 & SNEHA.M 2 1 Professor and Head of the Department, Department of Information Science and Engineering, S J B Institute of Technology, Bangalore, Karnataka, India 2 4 th Semester M.Tech, Department of Information Science and Engineering, SJB Institute of Technology, Bangalore, Karnataka, India ABSTRACT In this modern world, internet is the main means of communication. So there is a threat to the data always flowing through this network. That s why the security of data came into picture. There are different ways in which the data can be secured; one of the ways is by using different cryptographic algorithms. The strongest algorithm in symmetric key cryptography till now is AES. This paper provides the performance comparison between MARS, Serpent and Rijndael different candidate algorithms of AES interms of encryption, decryption, and key setup time and also through diffusion analysis. AES is a block cipher and are based on substitution, transposition to encrypt a plain-text message and to produce a cipher-message. Those transformations are based on well understood Mathematical problems using non-linear functions and linear modular algebra. KEYWORDS: AES Algorithm, Cryptography, MARS, Serpent, Rijndael INTRODUCTION In this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which security does not matter. There are two main reasons to have these algorithms; First, the explosive growth in computer systems and their interconnections via networks has increased the dependence on both organizations and individuals on the information stored and communicated using these systems. This in turn has lead to the awareness of the need to protect data and resources from disclosure, to guarantee the authenticity of data and messages, and to protect systems from network-based attacks. Second, the disciplines of cryptography and network security have matured, leading to the development of practical, readily available applications to enforce network security. We can classify security attacks into two broad categories Passive attacks Active attacks The first type of attack involves monitoring of transmission. These types are very difficult to detect, so we need to take security measures so that the data being transmitted is protected by means of encryption. It involves Release of message contents and Traffic analysis. Second type of attack involves some modification of data stream or the creation of a false stream and can be subdivided into four categories: Masquerade Replay

2 282 Mohan.H.S & Sneha.M Modification of messages Denial of service Active attacks are easy to detect but difficult to prevent unlike passive attacks. Instead the goal is to detect them and to recover from any disruption or delays caused by them. Cryptography, over the ages, has been practiced by many who have devised ad-hoc techniques to meet some of the information security requirements. The last twenty years have been period of transition as the discipline to a broader area. There are now several international scientific conferences devoted exclusively to cryptography and also an International Association for Crypto-logic Research (IACR), aimed at fostering research in the area. There are two general types of cryptographic algorithms. Symmetric algorithms Asymmetric algorithms The current Digital Encryption Standard (DES) does no longer satisfy the need for data security because of its short 56-bit key. Such short keys can today be broken by brute force attacks. NIST issued a new version of DES called 3DES. With its 168-bit key length it overcomes the drawback of DES. The principle drawback of 3DES is that the algorithm is relatively sluggish in software. The original DES was designed for mid-1970s hardware implementation and does not produce efficient software code. 3DES which has three times as many rounds as DES is correspondingly slower. A secondary drawback is that both DES and 3DES use a 64-bit block size. For reasons of both efficiency and security, a larger block size is desirable. Because of these drawbacks NIST in 1997 issued a call for proposals for a new Advanced Encryption Standard (AES), which should have security strength equal to or better than 3DES and significantly improved efficiency. In addition to these general requirements NIST specified that AES must be a symmetric block cipher with a block length of 128-bits and support for key lengths of 128, 192 and 256 bits. In the first round of evaluation, 15 proposed algorithms were accepted. A second round narrowed the field to 5 algorithms (MARS, RC6, Serpent, Twofish, and Rijndael). NIST completed its evaluation process and published a final standard in November of NIST selected Rijndael as the proposed AES algorithm. The criteria used by NIST in the final evaluation are: Rijndael has no known security attacks Rijndael performs encryption and decryption very well across a variety of platforms including 8-bit and 64-bit platforms, and DSPs Rijndael is very well suited for restricted-space environments where either encryption or decryption is implemented (but not both) Rijndael has the highest throughput of any of the finalists for feedback modes and second highest for non feedback modes The operations used by Rijndael are among the easiest to defend against power and timing attacks Encryption and decryption in Rijndael differs

3 Diffusion and Time Analysis for AES Candidates 283 Rijndael supports on the fly subkey computation for encryption Rijndael supports fully block sizes and key sizes of 128, 192 and 256 bits in any combination Rijndael has an excellent potential for parallelism for a single block encryption AES ALGORITHMS AES algorithms are symmetric cipher algorithms with variable key sizes and blocks, also with number of rounds to encrypt and decrypt the data than DES algorithms. There are numerous algorithms in AES. From them we have chosen the following algorithms for finding the performance analysis on time, key sizes, key setup time, encryption, and decryption and so on. The chosen algorithms are: MARS Algorithm Serpent Algorithm Rijndael Algorithm Firstly we go through the basic difference between these algorithms which as mentioned in the table below: Table 1: General Structure Algorithm Type Rounds MARS Extended Fiestel 32 Serpent SP Network 32 Rijndael Square 10,12,14 MARS Algorithm MARS is a shared-key block cipher that works with a block size of 128 bit and a variable key size. The algorithm is a type-3 Feistel network which is word (32 bit) oriented. The word orientation should bring a performance for software implementations on most computer architectures available today. A fully optimized implementation is expected to run at 100Mbit/second and hardware can achieve an additional 10x speedup factor. The algorithm starts with 8-Rounds of Forward Mixing then with the 16-Rounds of Cryptographic core which makes use of the extended key and then lastly with the 8-Rounds of Backward Mixing. First and the last rounds are there to increase the avalanche criteria in the cipher through rotations, shifts and XORs. Serpent Algorithm Serpent is a 32-round SP-network operating on four 32-bit words, thus giving a block size of 128 bits. All values used in the cipher are represented as bit streams. The indices of the bits are counted from 0 to bit 31 in one 32-bit word, 0 to bit 127 in 128-bit blocks, 0 to bit 255 in 256-bit keys, and so on. For internal computation, all values are represented in little-endian, where the first word (word 0) is the least significant word, and the last word is the most significant, and where bit 0 is the least significant bit of word 0. Externally, we write each block as a plain 128-bit hex number. Serpent encrypts a 128-bit plaintext P to a 128-bit ciphertext C in 32 rounds under the control of bit subkeys K0... K32. The user key length is variable, but for the purposes of this submission we fix it at 128, 192 or 256 bits; short keys with less than 256 bits are mapped to full-length keys of 256 bits by appending one 1" bit to the MSB end, followed by as many 0" bits as required to make up 256 bits. The cipher consists of Initial permutation IP, 32 Rounds each consisting of a key mixing

4 284 Mohan.H.S & Sneha.M operation, a pass through S-boxes, and (in all but the last round) a linear transformation. In the last round, this linear transformation is replaced by an additional key mixing operation, a final permutation FP. Rijndael Algorithm This algorithm was developed by Joan Daemen, Vincent Rijmen. This algorithm supports different key sizes of 128, 192 and 256 bits but block length of 128-bit only is supported. The number of rounds will also change respectively to 10, 12, 14 based on the key size used for encryption. Rijndael was designed to have the following characteristics: Resistance against all known attacks Speed and code compactness on a wide range of platforms Design simplicity In this project Rijndael algorithm is taken with 128-bit key and block size both, with 10 rounds for encryption and decryption. This algorithm starts with an Add round key transformation, then goes through four types of transformations in each round ; Bytesub, Shiftrows, Mixcolumns and Addroundkey and in the final round only three of the transformations are done to get the ciphertext that is Mixcolumns transformation is not done. Decryption of ciphertext also follows the same rule in which it uses the Inverse of all the transformations (Inv-Bytesub, Inv-Shiftrows and Inv- Mixcolumns) to get the plaintext back. PERFORMANCE ANALYSIS The performance analysis of these three algorithms is done using the Diffusion Analysis and Time taken by the encryption, decryption and keysetup functions. Diffusion and Confusion These are the two important techniques for building any cryptographic system. Claude Shannon introduced the terms Confusion and Diffusion. According to Shannon, in an ideal cipher, all statistics of the cipher text are independent of the particular key used. In Diffusion, each plaintext digit affects many cipher text digits, which is equivalent to saying that each cipher text digit is affected by many plain text digits. All encryption algorithms will make use of diffusion and confusion layers. Diffusion layer is based upon simple linear operations such as multi-permutations, key additions, multiplication with known constants etc. On the other hand, confusion layer is based upon complex and linear operations such as Substitution Box (S-box). Strict Avalanche Criteria Avalanche value is the Hamming distance of two cipher values corresponding to cases, without input bit flipping and with input bit flipping. Strict Avalanche criteria states that if a single input bit is flipped at least half of the output bits should be changed. There two types of SAC First order SAC: It is a change in output bit when a single input bit is flipped and Higher order SAC: It is a change in output bit when many input bits are flipped. Diffusion Analysis of MARS The diffusion analysis is performed using the first order SAC which is changing a single bit in the key while

5 Diffusion and Time Analysis for AES Candidates 285 keeping the plaintext as it is. Figure 1: Diffusion Analysis of MARS The Figure 1 shows the diffusion analysis of MARS algorithm. As specified by NIST this algorithm achieves the 50% in the second round itself. In the 32 nd round it achieves 53% SAC value. Diffusion Analysis of Serpent The diffusion analysis of Rijndael is also done using the first order SAC. Changing only one bit in the input key keeping plaintext as it is. Serpent also has 32 rounds and the number of bits that differ by changing a single bit in the key is shown for all the rounds with their corresponding SAC values. Figure 2: Diffusion Analysis of Serpent Figure 2 shows the diffusion analysis of Serpent where the SAC value specified is achieved in the second round itself. And in the final round 50% of the bits are affected by changing a single bit in the input key.

6 286 Mohan.H.S & Sneha.M Diffusion Analysis of Rijndael The diffusion analysis of Rijndael is also done using the first order SAC. Changing only one bit in the input key keeping plaintext as it is. Figure 3: Diffusion Analysis of Rijndael Figure 3 shows the diffusion analysis of Rijndael algorithm the specified SAC value is achieved in the second round only and is maintained in all the rounds till the last round. So we can conclude that this algorithm is the strongest one. Graph of Diffusion Analysis The diffusion analysis performed on three candidate algorithms shown in previous sections are plotted in the graph form. Figure 4: Number of Rounds Vs SAC Value Figure 4 shows the graph of all three algorithms diffusion analysis in which it is clearly visible that the Rijndael algorithm is the strongest one because once it has achieved 50% SAC value it maintains till the last round which means that in each round more than 50% of the bits are changed. Speed Analysis The performance of the algorithm is measured in terms of the speed, i.e., number of cycles required for the completion of the function. The speed of the algorithm can be characterized by measuring the time required for key scheduling, encryption and decryption. These parameters are measured for all the algorithms: MARS, Serpent and Rijndael.

7 Diffusion and Time Analysis for AES Candidates 287 Table 2: Speed Algorithm Encrypt (Cycles) Decrypt (Cycles) Keysetup (Cycles) MARS Serpent Rijndael Figure 5: Graph for Encryption and Decryption (Cycles) CONCLUSIONS AND FUTURE WORK The results of diffusion analysis indicate that required diffusion level is achieved at the end of 2nd round in the MARS and Serpent encryption algorithms. No major improvement is achieved in the rounds from 3 to 32. Whereas the results of AES indicate that the diffusion level is achieved at the end of 2nd round itself. Rijndael is well suited to be implemented efficiently on a wide range of processors and in dedicated hardware on both the Pentium and Pentium Pro processors. Unlike Serpent and Mars, there are no known CPU platforms (8-bit or 32- bit) on which Rijndael's relative performance would be unduly negatively affected or on which timing attacks would be possible. Mars and Serpent are not suitable for Smart card implementation whereas Rijndael is very much suitable for widespread smart card implementation. By the analysis of various factors we can conclude from the results tabulated that Rijndael is more secure and strong when compared to MARS and Serpent algorithms. As future work we are concentrating on the security improvements of the Rijndael algorithm to make this algorithm even stronger if incase this has been broken in future. This can be done in following ways: Changing the Key addition round of the algorithm by Key Multiplication. Changing the input plaintext matrix size from 4x4 to 8x8. REFERENCES 1. B.D.C.N.Prasad, P E S N Krishna Prasad, P Sita Rama Murty and K Madhavi, A Performance Study on AES Algorithms, (IJCSIS) International Journal of Computer Science and Information Security, 2. Vol. 8, No. 6, September Mohan H. S. and A Raji Reddy, Generating the New S-box and Analyzing the Diffusion Strength to Improve the Security of AES Algorithm, (IJCSIS) International Journal of Computer Science and Information Security,Vol.2, No.9, September 2010.

8 288 Mohan.H.S & Sneha.M 4. Mohan H. S. and A Raji Reddy, Performance Analysis of AES and MARS Encryption Algorithms, IJCSI International Journal of Computer Science Issues, Vol. 8, Issue 4, No 1, July 2011 ISSN (Online): Mohan H. S., A Raji Reddy and Manjunath T.N, Improving the Diffusion power of AES Rijndael with key multiplication, International Journal of Computer Applications ( ) Volume 30 No.5, September Vikas Kaul, S K Narayankhedkar, S Achrekar, S Agarwal, P, Security Enhancement Algorithms for Data Transmission for Next Generation Networks, IJCA K.Rahimunnisa, Dr. S. Sureshkumar, K.Rajeshkumar, Implementation of AES with New S-Box and Performance Analysis with the Modified S-Box, International Conference on VLSI, Communication & Instrumentation (ICVCI), Network Working Group S. Frankel, R. Glenn, S. Kelly Request for Comments: 3602 Category:Standards Track, Airespace, September MARS: C.Burwick, D.Coppersmith, E.D'Avignon, R.Gennaro, S.Halevi, C.Jutla, S.Matyas, L.O'Connor, M.Peyravian, D.Safford, N.Zunic, "MARS - a candidate cipher for AES", IBM Corporation, September TweakIBM99 - Shai Halevi, "Detailed discussion of the MARS "tweak" for Round 2", IBM Corporation, Mai RC6: Ronald L. Rivest, M.J.B. Robshaw, R. Sidney, Y.L. Yin, "The RC6 Block Cipher", M.I.T. Laboratory for Computer Science, RSA Laboratories. 12. Rijndael: Joan Daemen, Vincent Rijmen, "AES Proposal: Rijndael", Proton World Int.l, Belgium, Katholieke Universiteit Leuven, Belgium, September Serpent: Ross Anderson, Eli Biham, Lars Knudsen, "Serpent: A Proposal for the Advanced Encryption Standard", Cambridge University, England; Technion, Haifa, Israel; University of Bergen, Norway. 14. E Biham, A Note Comparing AES Candidates, NIST, Cryptography and Network Security - William Stallings, Third Edition. 16. Twofish: Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson, "Two fish: A 128-Bit Block Cipher", Counterpane Systems, University of California Berkeley.