ECE 646 Lecture 8. Modes of operation of block ciphers
|
|
- Georgiana Stone
- 6 years ago
- Views:
Transcription
1 ECE 646 Lecture 8 Modes of operation of block ciphers
2 Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, Modes of Operation
3 Modes of Operation
4 Block vs. stream ciphers M 1, M 2,, M n m 1, m 2,, m n K Block cipher K Internal state - IS Stream cipher C 1, C 2,, C n c 1, c 2,, c n C i =f K (M i ) c i = f K (m i, IS i ) IS i+1 =g K (m i, IS i ) Every block of ciphertext is a function of only one corresponding block of plaintext Every block of ciphertext is a function of the current block of plaintext and the current internal state of the cipher
5 Typical stream cipher Sender key initialization vector (seed) Receiver key initialization vector (seed) Pseudorandom Key Generator Pseudorandom Key Generator k i keystream k i keystream m i plaintext c i ciphertext c i ciphertext m i plaintext
6 Standard modes of operation of block ciphers Block ciphers Stream ciphers ECB mode Counter mode OFB mode CFB mode CBC mode
7 ECB (Electronic CodeBook) mode
8 Electronic CodeBook Mode ECB M 1 M 2 M 3 M N-1 M N K K K K K E E E E E... C 1 C 2 C 3 C N-1 C N C i = E K (M i ) for i=1..n
9 Electronic CodeBook Mode ECB Decryption C 1 C 2 C 3 C N-1 C N K K K K K D D D D D... M 1 M 2 M 3 M N-1 M N M i = E K (C i ) for i=1..n
10 Criteria for Comparison of Modes of Operation hiding repeating message blocks speed capability for parallel processing and pipelining during encryption / decryption use of block cipher operations (encryption only or both) capability for preprocessing during encryption / decryption capability for random access for the purpose of reading / writing number of plaintext and ciphertext blocks required for exhaustive key search error propagation in the message after modifying / deleting one block / byte / bit of the corresponding ciphertext
11 Block Cipher Modes of Operation Basic Features (1) Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining Cipher operations Preprocessing Random access ECB CTR OFB CFB CBC No s ECB and decryption and decryption No R/W
12 Block Cipher Modes of Operation Basic Features (2) ECB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed 1 plaintext block, 1 ciphertext block Error propagation in the decrypted message Modification of j-bits Deletion of j bits Integrity L bits Current and all subsequent No
13 Counter Mode
14 E Counter Mode - CTR IV IV+1 IV+2 IV+N-2 IV+N-1... K K K K K E E E E... k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c i = m i k i k i = E K (IV+i-1) for i=1..n
15 E Counter Mode - CTR Decryption IV IV+1 IV+2 IV+N-2 IV+N-1... K K K K K E E E E... k 1 k 2 k 3 k N-1 k N c 1 c 2 c 3 c N-1 c N m 1 m 2 m 3 m N-1 m N m i = c i k i k i = E K (IV+i-1) for i=1..n
16 IV Counter Mode - CTR IV counter counter 1 L 1 L IN IN K E K E OUT OUT 1 L 1 L c i c i IS 1 = IV m i m i c i = E K (IS i ) m i IS i+1 = IS i +1
17 E m 1 m 2 m 3 J-bit Counter Mode - CTR IV IV+1 IV+2 IV+N-2 IV+N-1... K K K K K j E E E E... k 1 k 2 k 3 k N-1 k N j j j j j j j j j m N-1 m N j j j j j c 1 c 2 c 3 c N-1 c N c i = m i k i k i = E(IV+i-1)[1..j] for i=1..n
18 J-bit Counter Mode - CTR IV IV counter counter 1 L 1 L IN IN K E K E OUT OUT j bits L-j bits j bits L-j bits 1 j L 1 j L c i c i m i m i
19 Block Cipher Modes of Operation Basic Features (1) Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining ECB CTR OFB CFB CBC No s ECB and decryption Yes j/l s ECB and decryption Cipher operations Preprocessing Random access and decryption No R/W only Yes R/W
20 Block Cipher Modes of Operation Basic Features (2) ECB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed 1 plaintext block, 1 ciphertext block 1 plaintext block, 1 ciphertext block Error propagation in the decrypted message Modification of j-bits Deletion of j bits Integrity L bits Current and all subsequent No j bits Current and all subsequent No
21 OFB (Output FeedBack) Mode
22 IV E Output Feedback Mode - OFB... E E E E... k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c i = m i k i k i =E K (k i-1 ) for i=1..n, and k 0 = IV
23 IV E Output Feedback Mode - OFB Decryption... E E E E... k 1 k 2 k 3 k N-1 k N c 1 c 2 c 3 c N-1 c N m 1 m 2 m 3 m N-1 m N m i = c i k i k i =E K (k i-1 ) for i=1..n, and k 0 = IV
24 Output Feedback Mode - OFB IV IV 1 L 1 L IN IN K E K E OUT 1 L IS 1 = IV c i = E K (IS i ) m i IS i+1 = E K (IS i ) OUT 1 L c i c i m i m i
25 J-bit Output Feedback Mode - OFB IV shift shift IV L-j bits j bits L-j bits j bits 1 L-j L 1 L-j L IN IN K E K E OUT OUT j bits L-j bits j bits L-j bits 1 j L 1 j L c i c i m i m i
26 Block Cipher Modes of Operation Basic Features (1) Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining Cipher operations Preprocessing Random access ECB CTR OFB CFB CBC No Yes Yes s ECB and decryption and decryption j/l s ECB and decryption only j/l s ECB None only No Yes Yes R/W R/W No
27 Block Cipher Modes of Operation Basic Features (2) ECB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed 1 plaintext block, 1 ciphertext block 1 plaintext block, 1 ciphertext block 2 plaintext blocks, 2 ciphertext blocks (for j=l) Error propagation in the decrypted message Modification of j-bits Deletion of j bits Integrity L bits j bits j bits Current and all subsequent Current and all subsequent Current and all subsequent No No No
28 CFB (Cipher FeedBack) Mode
29 IV E Cipher Feedback Mode - CFB... E E E E... k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N c i = m i k i k i =E K (c i-1 ) for i=1..n, and c 0 = IV
30 IV E Cipher Feedback Mode - CFB Decryption... E E E E... k 1 k 2 k 3 k N-1 k N m 1 m 2 m 3 m N-1 m N c 1 c 2 c 3 c N-1 c N m i = c i k i k i =E K (c i-1 ) for i=1..n, and c 0 = IV
31 Cipher Feedback Mode - CFB IV IV 1 L 1 L IN IN K E IS 1 = IV K E OUT 1 L c i = E K (IS i ) m i IS i+1 = c i OUT 1 L c i c i m i m i
32 J-bit Cipher Feedback Mode - CFB IV IV shift shift L-j bits j bits L-j bits j bits 1 L-j L 1 L-j L IN IN K E K E OUT OUT j bits L-j bits j bits L-j bits 1 j L 1 j L c i c i m i m i
33 Block Cipher Modes of Operation Basic Features (1) Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining Cipher operations Preprocessing Random access ECB CTR OFB CFB CBC No Yes Yes Yes s ECB j/l s ECB j/l s ECB j/l s ECB and decryption and decryption and decryption only None only Decryption only only No Yes Yes No R/W R/W No R only
34 Block Cipher Modes of Operation Basic Features (2) ECB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed 1 plaintext block, 1 ciphertext block 1 plaintext block, 1 ciphertext block 2 plaintext blocks, 2 ciphertext blocks (for j=l) 1 plaintext block, 2 ciphertext blocks (for j=l) Error propagation in the decrypted message Modification of j-bits Deletion of j bits Integrity L bits j bits j bits L+j bits Current and all subsequent Current and all subsequent Current and all subsequent L bits No No No No
35 CBC (Cipher Block Chaining) Mode
36 Cipher Block Chaining Mode - CBC IV m 1 m 2 m 3... m N-1 m N E E E E E... c 1 c 2 c 3 c N-1 c N c i = E K (m i c i-1 ) for i=1..n c 0 =IV
37 Cipher Block Chaining Mode - CBC Decryption c 1 c 2 c 3 c N-1 c N IV D D D... D D... m 1 m 2 m 3 m N-1 m N m i = D K (c i ) c i-1 for i=1..n c 0 =IV
38 Block Cipher Modes of Operation Basic Features (1) Hiding repeating plaintext blocks Basic speed Capability for parallel processing and pipelining Cipher operations Preprocessing Random access ECB CTR OFB CFB CBC No Yes Yes Yes Yes s ECB j/l s ECB j/l s ECB j/l s ECB s ECB and decryption and decryption and decryption only None only Decryption only only Decryption only and decryption No Yes Yes No No R/W R/W No R only R only
39 Block Cipher Modes of Operation Basic Features (2) ECB CTR OFB CFB CBC Security against the exhaustive key search attack Minimum number of the message and ciphertext blocks needed 1 plaintext block, 1 ciphertext block 1 plaintext block, 1 ciphertext block 2 plaintext blocks, 2 ciphertext blocks (for j=l) 1 plaintext block, 2 ciphertext blocks (for j=l) 1 plaintext block, 2 ciphertext blocks Error propagation in the decrypted message Modification of j-bits Deletion of j bits Integrity L bits j bits j bits L+j bits L+j bits Current and all subsequent Current and all subsequent Current and all subsequent L bits Current and all subsequent No No No No No
40 New modes of operation
41 Evaluation Criteria for Modes of Operation Security Efficiency Functionality
42 Security Evaluation criteria (1) Efficiency resistance to attacks proof of security random properties of the ciphertext number of calls of the block cipher capability for parallel processing memory/area requirements initialization time capability for preprocessing
43 Functionality Evaluation criteria (2) security services - confidentiality, integrity, authentication flexibility - variable lengths of blocks and keys - different amount of precomputations - requirements on the length of the message vulnerability to implementation errors requirements on the amount of keys, initialization vectors, random numbers, etc. error propagation and the capability for resynchronization patent restrictions
44 CBC IV m 1 m 2 m 3... m N-1 m N E E E E E... c 1 c 2 c 3 c N-1 c N Problems: - No parallel processing of blocks from the same packet - No speed-up by preprocessing - No integrity or authentication
45 Counter mode IV IV+1 IV+2 IV+N-1 IV+N... E E E E E... k 0 k 1 k 2 k N-1 k N m 0 m 1 m 2 m N-1 m N c 0 c 1 c 2 c N-1 c N Features: + Potential for parallel processing + Speed-up by preprocessing - No integrity or authentication
46 Properties of existing and new cipher modes Proof of security CBC CFB OFB New standard Parallel processing Preprocessing decryption only Integrity and authentication Resistance to implementation errors
47 OCB - Offset Codebook Mode IV 0 M 1 M 2 M N-1 M N Control sum length E Z 1 Z 2 Z N-1 g(l) Z N Z N L E E... E E E E Z 1 Z 2 Z N-1 M N τ bits R C 1 C 2 C N-1 C N T Z i =f(l, R, i)
48 New modes of block ciphers 1. CCM - Counter with CBC-MAC developed by R. Housley, D. Whiting, N. Ferguson in 2002 assures simultaneous confidentiality and authentication not covered by any patent part of the IEEE i standard for wireless networks 2. GCM Galois/Counter Mode developed by D. McGrew and J. Viega in 2005 assures simultaneous confidentiality and authentication not covered by any patent used in the IEEE 802.1AE (MACsec) Ethernet security, ANSI (INCITS) Fibre Channel Security Protocols (FC-SP), IEEE P tape storage, and IETF IPSec standards
49 Properties of new modes of operation CBC CFB OFB CTR CCM GCM Proof of security Parallel processing only decryption Half of operations Preprocessing Integrity and authentication Half of operations Half of operations Resistance to implementation errors
50 FIPS standards: Modes of operation of block ciphers Timeline CBC, CFB, OFB, ECB FIPS 81 (for DES) CTR (counter mode) Dec For arbitrary block cipher CCM May 2004 GCM SP A SP A SP B SP D Nov 2007 Contests: NIST Apr modes submitted to the contest (including, CTR, OCB, IACBC, IAPM) Patent issues. Attacks: Aug DCM mode developed by NSA several days after the publication
51 CAESAR Contest
52 Confidentiality & Authentication Authenticated Ciphers Bob Alice N Message N Ciphertext Tag K AB Authenticated Cipher K AB Authenticated Cipher Decryption N Ciphertext Tag invalid or Message K AB - Secret key of Alice and Bob N Nonce or Initialization Vector
53 Confidentiality & Authentication Authenticated Ciphers Npub Nsec AD Message Npub Enc Nsec AD Ciphertext Tag K AB Key Key AB Decryption Npub Enc Nsec AD Ciphertext or Tag Invalid Nsec AD Message Npub - Public Message Number Nsec - Secret Message Number Enc Nsec - Encrypted Secret Message Number AD - Associated Data K AB - Secret key of Alice and Bob
54 IX.1997 X.2000 AES Cryptographic Standard Contests NESSIE I.2000 XII.2002 CRYPTREC 34 stream 4 HW winners ciphers + 4 SW winners 15 block ciphers 1 winner XI.2004 estream 51 hash functions 1 winner IV.2008 X.2007 X.2012 SHA-3 57 authenticated ciphers multiple winners I.2013 XII.2017 CAESAR time
55 Contest Timeline : Deadline for first-round submissions : Deadline for first-round software : Announcement of second-round candidates : Deadline for second-round Verilog/VHDL : Announcement of third-round candidates : Announcement of finalists : Announcement of final portfolio
ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:
C 646 Lecture 7 Modes of Operation of Block Ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van Oorschot,
More informationIDEA, RC5. Modes of operation of block ciphers
C 646 - Lecture 8 IDA, RC5 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van
More informationECE 646 Lecture 7. Secret-Key Ciphers. Data Encryption Standard DES
ECE 646 Lecture 7 Secret-Key Ciphers Data Encryption Standard DES 1 NBS public request for a standard cryptographic algorithm May 15, 1973, August 27, 1974 The algorithm must be: secure public - completely
More informationECE 646 Lecture 12. Hash functions & MACs. Digital Signature. Required Reading. Recommended Reading. m message. hash function hash value.
ECE 646 Lecture 12 Required Reading W. Stallings, "Cryptography and Network-Security, Chapter 11 Cryptographic Hash Functions & MACs Appendix 11A Mathematical Basis of Birthday Attack Chapter 12 Message
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationECE 545 Lecture 8b. Hardware Architectures of Secret-Key Block Ciphers and Hash Functions. George Mason University
ECE 545 Lecture 8b Hardware Architectures of Secret-Key Block Ciphers and Hash Functions George Mason University Recommended reading K. Gaj and P. Chodowiec, FPGA and ASIC Implementations of AES, Chapter
More informationDouble-DES, Triple-DES & Modes of Operation
Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES
More informationECE 646 Lecture 7. Data Encryption Standard DES. Secret-Key Ciphers. Secret agreement between IBM & NSA, 1974
C 646 Lecture 7 Secret-Key Ciphers Data Standard DS NBS public request for a standard cryptographic algorithm May 15, 1973, August 27, 1974 The algorithm must be: secure public - completely specified -
More informationBlock Cipher Operation. CS 6313 Fall ASU
Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationSymmetric Crypto MAC. Pierre-Alain Fouque
Symmetric Crypto MAC Pierre-Alain Fouque Message Authentication Code (MAC) Warning: Encryption does not provide integrity Eg: CTR mode ensures confidentiality if the blockcipher used is secure. However,
More informationsymmetric cryptography s642 computer security adam everspaugh
symmetric cryptography s642 adam everspaugh ace@cs.wisc.edu computer security Announcements Midterm next week: Monday, March 7 (in-class) Midterm Review session Friday: March 4 (here, normal class time)
More informationLecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram
Lecture 2B RTL Design Methodology Transition from Pseudocode & Interface to a Corresponding Block Diagram Structure of a Typical Digital Data Inputs Datapath (Execution Unit) Data Outputs System Control
More informationThe OCB Authenticated-Encryption Algorithm
The OCB Authenticated-Encryption Algorithm Ted Krovetz California State University, Sacramento, USA Phillip Rogaway University of California, Davis, USA IETF 83 Paris, France CFRG 11:20-12:20 in 212/213
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationSymmetric Encryption. Thierry Sans
Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion
More informationIntroduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function
More informationChapter 6 Contemporary Symmetric Ciphers
Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationCHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))
CHAPTER 6. SYMMETRIC CIPHERS Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption
More informationHow to Use Your Block Cipher? Palash Sarkar
How to Use Your Block Cipher? Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in IACITS New Delhi, 2 nd April 2009 Palash Sarkar (ISI, Kolkata) Using
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationBlock cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75
Block cipher modes Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 75 Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 76 Block cipher modes Block ciphers (like
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationFederal standards NIST FIPS 46-1 DES FIPS 46-2 DES. FIPS 81 Modes of. operation. FIPS 46-3 Triple DES FIPS 197 AES. industry.
ECE 646 Lecture 12 Federal Secret- cryptography Banking International Cryptographic Standards NIST FIPS 46-1 DES FIPS 46-2 DES FIPS 81 Modes of operation FIPS 46-3 Triple DES FIPS 197 AES X3.92 DES ANSI
More informationMultiple forgery attacks against Message Authentication Codes
Multiple forgery attacks against Message Authentication Codes David A. McGrew and Scott R. Fluhrer Cisco Systems, Inc. {mcgrew,sfluhrer}@cisco.com May 31, 2005 Abstract Some message authentication codes
More information3 Symmetric Cryptography
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption
More informationHardware Architectures
Hardware Architectures Secret-key Cryptography Public-key Cryptography Cryptanalysis AES & AES candidates estream candidates Hash Functions SHA-3 Montgomery Multipliers ECC cryptosystems Pairing-based
More informationThe Helion basic guide to AES encryption in hardware
The Helion basic guide to AES encryption in hardware What is AES? During September 1997, the National Institute of Standards and Technology (NIST), the main standards body in the US, issued an open request
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 23 rd March 2018 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationSymmetric-Key Cryptography
Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016 Announcements Project due Sept 20 Special guests Alice Bob The attacker (Eve - eavesdropper, Malice) Sometimes Chris
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationUsing block ciphers 1
Using block ciphers 1 Using block ciphers DES is a type of block cipher, taking 64-bit plaintexts and returning 64-bit ciphetexts. We now discuss a number of ways in which block ciphers are employed in
More informationCIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)
CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationECE 646 Lecture 12. Cryptographic Standards. Secret-key cryptography standards
ECE 646 Lecture 12 Cryptographic Standards Secret-key cryptography Federal Banking International NIST FIPS 46-1 DES FIPS 46-2 DES FIPS 81 Modes of operation FIPS 46-3 Triple DES FIPS 197 AES X3.92 DES
More informationMidgame Attacks. (and their consequences) Donghoon Chang 1 and Moti Yung 2. IIIT-Delhi, India. Google Inc. & Columbia U., USA
Midgame Attacks (and their consequences) Donghoon Chang 1 and Moti Yung 2 1 IIIT-Delhi, India 2 Google Inc. & Columbia U., USA Crypto is a Technical Science As technology moves, so should crypto designs
More informationIntroduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu
Introduction to Cryptographic Systems Asst. Prof. Mihai Chiroiu Vocabulary In cryptography, cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Decryption
More informationScanned by CamScanner
Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Symmetric-Key Cryptography CS 161: Computer Security
More informationCryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1
Cryptography CS 555 Topic 11: Encryption Modes and CCA Security CS555 Spring 2012/Topic 11 1 Outline and Readings Outline Encryption modes CCA security Readings: Katz and Lindell: 3.6.4, 3.7 CS555 Spring
More informationPermutation-based Authenticated Encryption
Permutation-based Authenticated Encryption Gilles Van Assche 1 1 STMicroelectronics COST Training School on Symmetric Cryptography and Blockchain Torremolinos, Spain, February 2018 1 / 44 Outline 1 Why
More informationCENG 520 Lecture Note III
CENG 520 Lecture Note III Symmetric Ciphers block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process
More informationThe Salsa20 Family of Stream Ciphers
The Salsa20 Family of Stream Ciphers Based on [Bernstein, 2008] Erin Hales, Gregor Matl, Simon-Philipp Merz Introduction to Cryptology November 13, 2017 From a security perspective, if you re connected,
More informationCIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm
CIS 4360 Introduction to Computer Security Fall 2010 WITH ANSWERS in bold Name:.................................... Number:............ First Midterm Instructions This is a closed-book examination. Maximum
More informationUNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE
INFORMATION TECHNOLOGY SECURITY GUIDANCE CRYPTOGRAPHIC ALGORITHMS FOR UNCLASSIFIED, PROTECTED A, AND PROTECTED B INFORMATION ITSP.40.111 August 2016 FOREWORD The Cryptographic Algorithms for UNCLASSIFIED,
More informationCrypto: Symmetric-Key Cryptography
Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three
More informationSymmetric Cryptography
CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationHash functions & MACs
ECE 646 Lecture 11 Hash functions & MACs Required Reading W. Stallings, "Cryptography and Network-Security, Chapter 11 Cryptographic Hash Functions Appendix 11A Mathematical Basis of Birthday Attack Chapter
More informationBlock ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this
Lecturers: Mark D. Ryan and David Galindo. Cryptography 2015. Slide: 74 Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways
More informationChapter 8. Encipherment Using Modern Symmetric-Key Ciphers
Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 8.1 Chapter 18 Objectives To show how modern standard
More informationECE 646 Lecture 11. Hash functions & MACs. Digital Signature. message. hash. function. Alice. Bob. Alice s public key. Alice s private key
ECE 646 Lecture 11 Hash functions & MACs Digital Signature Alice Message Signature Message Signature Bob Hash function Hash function Hash value Public key algorithm yes Hash value 1 Hash value 2 no Public
More informationSymmetric Encryption Algorithms
Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm
More informationCryptography 2017 Lecture 3
Cryptography 2017 Lecture 3 Block Ciphers - AES, DES Modes of Operation - ECB, CBC, CTR November 7, 2017 1 / 1 What have seen? What are we discussing today? What is coming later? Lecture 2 One Time Pad
More informationIntroduction to Symmetric Cryptography
Introduction to Symmetric Cryptography Tingting Chen Cal Poly Pomona 1 Some slides are from Dr. Cliff Zou. www.cs.ucf.edu/~czou/cis3360-12/ch08-cryptoconcepts.ppt Basic Cryptography Private Key Cryptography
More informationBlock Cipher Operation
Block Cipher Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 6-1 Overview 1. Double DES, Triple
More informationModes of Operation. Raj Jain. Washington University in St. Louis
Modes of Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at : http://www.cse.wustl.edu/~jain/cse567-06/
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More information6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a
More informationLecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS
Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security CHF-s are used for many authentication, integrity, digital
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 24th March 2016 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More informationCryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 12 Message Authentication Codes At cats' green on the Sunday he took the message from
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationStream Ciphers An Overview
Stream Ciphers An Overview Palash Sarkar Indian Statistical Institute, Kolkata email: palash@isicalacin stream cipher overview, Palash Sarkar p1/51 Classical Encryption Adversary message ciphertext ciphertext
More informationFeedback Week 4 - Problem Set
4/26/13 Homework Feedback Introduction to Cryptography Feedback Week 4 - Problem Set You submitted this homework on Mon 17 Dec 2012 11:40 PM GMT +0000. You got a score of 10.00 out of 10.00. Question 1
More informationAcronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector
Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National
More informationCryptography III: Symmetric Ciphers
Cryptography III: Symmetric Ciphers Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 14th February 2008 Outline Stream ciphers Block ciphers DES and Rijndael Summary
More informationThe JAMBU Lightweight Authentication Encryption Mode (v2)
The JAMBU Lightweight Authentication Encryption Mode (v2) 29 Aug, 2015 Designers: Hongjun Wu, Tao Huang Submitters: Hongjun Wu, Tao Huang Contact: wuhongjun@gmail.com Division of Mathematical Sciences
More informationLecture 2: Shared-Key Cryptography
Graduate Course on Computer Security Lecture 2: Cryptography Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, Inc @ NRL Washington DC http://www.cs.stanford.edu/~iliano/ DIMI, Universita di Udine,
More informationNIST Cryptographic Toolkit
Cryptographic Toolkit Elaine Barker ebarker@nist.gov National InformationSystem Security Conference October 16, 2000 Toolkit Purpose The Cryptographic Toolkit will provide Federal agencies, and others
More informationpage 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas
Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationSensor Networks. Xueying Zhang, Howard M. Heys, and Cheng Li. Electrical and Computer Engineering. Faculty of Engineering and Applied Science
Energy Efficiency of Encryption Schemes Applied to Wireless Sensor Networks Xueying Zhang, Howard M. Heys, and Cheng Li Electrical and Computer Engineering Faculty of Engineering and Applied Science Memorial
More informationThe Rectangle Attack
The Rectangle Attack and Other Techniques for Cryptanalysis of Block Ciphers Orr Dunkelman Computer Science Dept. Technion joint work with Eli Biham and Nathan Keller Topics Block Ciphers Cryptanalysis
More informationHomework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING
UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING ENEE 457 Computer Systems Security Instructor: Charalampos Papamanthou Homework 2 Out: 09/23/16 Due: 09/30/16 11:59pm Instructions
More informationRef:
Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:
More informationSome Aspects of Block Ciphers
Some Aspects of Block Ciphers Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in CU-ISI Tutorial Workshop on Cryptology, 17 th July 2011 Palash Sarkar
More informationECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and
More informationSummary. Final Week. CNT-4403: 21.April
Summary Final Week CNT-4403: 21.April.2015 1 List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic
More informationIntroduction to Cryptography. Lecture 3
Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationSymmetric Encryption
Symmetric Encryption Ahmed Y. Banihammd & Ihsan, ALTUNDAG Mon November 5, 2007 Advanced Cryptography 1st Semester 2007-2008 University Joseph Fourrier, Verimag Master Of Information Security And Coding
More informationRevision History Revision 0 (T10/06-225r0): Posted to the T10 web site on 4 May 2006.
To: INCITS T10 Committee From: Matt Ball, Quantum Corporation Date: March 13, 2007 Subject: SSC-3: Key Entry using Encapsulating Security Payload (ESP) Revision History Revision 0 (T10/06-225r0): Posted
More informationCrypto Library. Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved.
Crypto Library Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved. MLA - Crypto Library Help Table of Contents 1 Crypto Library 6 1.1 Introduction
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationCS 161 Computer Security. Week of September 11, 2017: Cryptography I
Weaver Fall 2017 CS 161 Computer Security Discussion 3 Week of September 11, 2017: Cryptography I Question 1 Activity: Cryptographic security levels (20 min) Say Alice has a randomly-chosen symmetric key
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationNetwork Security Essentials
Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science
More informationCSC574: Computer & Network Security
CSC574: Computer & Network Security Lecture 3 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Modern Cryptography 2 Kerckhoffs Principles Modern cryptosystems
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationDataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.
Submitted by SPYRUS, Inc. Contents DT5000 and DT6000 Technology Overview...2 Why DT5000 and DT6000 Encryption Is Different...3 Why DT5000 and DT6000 Encryption Is Different - Summary...4 XTS-AES Sector-Based
More informationCryptography (cont.)
CSE 484 / CSE M 584 (Autumn 2011) Cryptography (cont.) Daniel Halperin Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others
More information