Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this
Size: px
Start display at page:

Download "Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this"

Transcription

1 Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 74 Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

2 Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75 ECB ECB Simplest way: Apply the encryption block by block This is called Electronic Codebook mode, ECB. Source: Wikipedia

3 ECB decryption Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 76 Decryption just does the operations in reverse, and uses the decrypt function of the block cipher. Source: Wikipedia

4 ECB is not secure Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 77 A good block mode should have the following properties: 1 Identical blocks shouldn t produce identical ciphertexts 2 There should be protection against deletion or insertion of blocks 3 Ciphertext transmission errors should affect only the the block containing the error 4 It should be efficient (e.g., parallelisable) ECB fails properties 1 and 2. It satisfies 3 and 4, but they are not as important as 1 and 2.

5 Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 78 ECB One solution: Add random initialisation vector to start off encryption and use previous result Source: Wikipedia

6 Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 79 Source: Wikipedia Figure out which of properties 1, 2, 3, 4 hold for.

7 Counter mode () Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 80 In counter mode, we don t chain the blocks together, but still we aim to make identical plaintext blocks have different ciphertext blocks. Choose nonce and increase counter for each block Source: Wikipedia

8 Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 81 Source: Wikipedia Figure out which of properties 1, 2, 3, 4 hold for.

9 Proper definition of security for Block Cipher Modes Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 82 Cannot reuse definition for block cipher Reason: A ciphertext bit depends only on some of the plaintext bits. Need a weaker notion of security.

10 Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 83 Definition Let (E, D) be a pseudorandom permutation over (K, X ), and E be a block cipher mode. We define the indistinguishability under chosen-plaintext-game between challenger and attacker as follows: The challenger generates a key k K at random. The attacker performs a polynomial number of computations, possibly asking the challenger for the encryption by E of a polynomial number of arbitrary messages. The attacker submits two messages m 0 and m 1 to the challenger. The challenger selects a bit b {0, 1} at random. The challenger returns the encryption E(k, m b ) to the attacker The attacker performs a polynomial number of computations, possibly asking the challenger for the encryption of a polynomial number of arbitrary messages. The attacker outputs a bit b. The attacker wins this game if b = b.

11 Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 84 Challenger Attacker k r K m 1,..., m n E(k, m 1 ),..., E(k, m n ) m 0, m 1 b r {0, 1} E(k, m b ) m 1,..., m d E(k, m 1 ),..., E(k, m d ) b

12 Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 85 Intuitively, we call a block cipher mode secure if the attacker can only guess the bit b, ie wins the game half the time. Definition Let Pr[b = b ] be the probability that the attacker wins the IND-CPA-game, taken over all encryption keys of length n and all bits b. A block cipher mode satisfies indistinguishability under chosen-plaintext attack (IND-CPA) if Pr[b = b ] 1 2 is negligible. Note that this probability depends on the size of K, since the security of the block cipher E depends on it.

13 ECB is not secure. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 86 Let (E, D) be a secure block cipher, and let E be encryption using ECB mode. The attacker can easily win the IND-CPA game. He can get the encryption of m 1 and m 2 in the first part (or even in the last part) of the game, and hence can easily distinguish which one the challenger chose.

14 Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 87 Theorem If (E, D) is a block cipher with key space X, the advantage of the attacker in the IND-CPA game for is 2q 2 L 2 X + 2Adv where q is the number of messages encrypted with the same key k and L is the maximal length of each message, and Adv is the advantage of the attacker in the game for the secure block cipher. For AES: must change key after using 2 24 message of length 2 24 each to obtain advantage of

15 Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 88 Theorem If (E, D) is a block cipher with key space X, the advantage of the attacker in the IND-CPA game for counter mode is 2q 2 L X + 2Adv where q is the number of messages encrypted with the same key k and L is the maximal length of each message, and Adv is the advantage of the attacker in the game for the secure block cipher. For AES: must change key after using 2 32 message of length 2 32 each to obtain advantage of

16 Comparing the IND-CPA game and the secure block cipher game Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 89 Let E be a secure pseudorandom permutation, and E a secure block cipher mode for E. 1 If you view E as an encryption using a block cipher mode, does it satisfy the IND-CPA condition for a secure mode? 2 If you view E as a pseudorandom permutation, does it satisfy the condition for a secure pseudorandom permutation? The answer to both questions is no.

Similar documents

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75 Block cipher modes Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 75 Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 76 Block cipher modes Block ciphers (like

More information

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24 Assume encryption and decryption use the same key. Will discuss how to distribute key to all parties later Symmetric ciphers unusable for authentication of sender Lecturers: Mark D. Ryan and David Galindo.

More information

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016 Block ciphers CS 161: Computer Security Prof. Raluca Ada Popa February 26, 2016 Announcements Last time Syntax of encryption: Keygen, Enc, Dec Security definition for known plaintext attack: attacker provides

More information

Block ciphers, stream ciphers

Block ciphers, stream ciphers Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof. Raluca Ada Popa Jan 31, 2018 Announcements Project 1 is out, due Feb 14 midnight Recall: Block cipher A

More information

1 Achieving IND-CPA security

1 Achieving IND-CPA security ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces

More information

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1 Cryptography CS 555 Topic 11: Encryption Modes and CCA Security CS555 Spring 2012/Topic 11 1 Outline and Readings Outline Encryption modes CCA security Readings: Katz and Lindell: 3.6.4, 3.7 CS555 Spring

More information

Computational Security, Stream and Block Cipher Functions

Computational Security, Stream and Block Cipher Functions Computational Security, Stream and Block Cipher Functions 18 March 2019 Lecture 3 Most Slides Credits: Steve Zdancewic (UPenn) 18 March 2019 SE 425: Communication and Information Security 1 Topics for

More information

Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91

Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91 Stream ciphers Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 91 Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 92 Stream Cipher Suppose you want to encrypt

More information

CS 6903 Modern Cryptography February 14th, Lecture 4: Instructor: Nitesh Saxena Scribe: Neil Stewart, Chaya Pradip Vavilala

CS 6903 Modern Cryptography February 14th, Lecture 4: Instructor: Nitesh Saxena Scribe: Neil Stewart, Chaya Pradip Vavilala CS 6903 Modern Cryptography February 14th, 2008 Lecture 4: Instructor: Nitesh Saxena Scribe: Neil Stewart, Chaya Pradip Vavilala Definition 1 (Indistinguishability (IND-G)) IND-G is a notion that was defined

More information

Feedback Week 4 - Problem Set

Feedback Week 4 - Problem Set 4/26/13 Homework Feedback Introduction to Cryptography Feedback Week 4 - Problem Set You submitted this homework on Mon 17 Dec 2012 11:40 PM GMT +0000. You got a score of 10.00 out of 10.00. Question 1

More information

Computer Security CS 526

Computer Security CS 526 Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability

More information

Block Cipher Operation. CS 6313 Fall ASU

Block Cipher Operation. CS 6313 Fall ASU Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES

More information

Symmetric-Key Cryptography Part 1. Tom Shrimpton Portland State University

Symmetric-Key Cryptography Part 1. Tom Shrimpton Portland State University Symmetric-Key Cryptography Part 1 Tom Shrimpton Portland State University Building a privacy-providing primitive I want my communication with Bob to be private -- Alice What kind of communication? SMS?

More information

CS 161 Computer Security

CS 161 Computer Security Raluca Popa Spring 2018 CS 161 Computer Security Discussion 3 Week of February 5, 2018: Cryptography I Question 1 Activity: Cryptographic security levels (20 min) Say Alice has a randomly-chosen symmetric

More information

Cryptography CS 555. Topic 8: Modes of Encryption, The Penguin and CCA security

Cryptography CS 555. Topic 8: Modes of Encryption, The Penguin and CCA security Cryptography CS 555 Topic 8: Modes of Encryption, The Penguin and CCA security 1 Reminder: Homework 1 Due on Friday at the beginning of class Please typeset your solutions 2 Recap Pseudorandom Functions

More information

Cryptography 2017 Lecture 3

Cryptography 2017 Lecture 3 Cryptography 2017 Lecture 3 Block Ciphers - AES, DES Modes of Operation - ECB, CBC, CTR November 7, 2017 1 / 1 What have seen? What are we discussing today? What is coming later? Lecture 2 One Time Pad

More information

Introduction to Cryptography. Lecture 3

Introduction to Cryptography. Lecture 3 Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic

More information

Information Security CS526

Information Security CS526 Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for

More information

IND-CCA2 secure cryptosystems, Dan Bogdanov

IND-CCA2 secure cryptosystems, Dan Bogdanov MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov University of Tartu db@ut.ee 1 Overview Notion of indistinguishability The Cramer-Shoup cryptosystem Newer results

More information

ENEE 457: Computer Systems Security 09/12/16. Lecture 4 Symmetric Key Encryption II: Security Definitions and Practical Constructions

ENEE 457: Computer Systems Security 09/12/16. Lecture 4 Symmetric Key Encryption II: Security Definitions and Practical Constructions ENEE 457: Computer Systems Security 09/12/16 Lecture 4 Symmetric Key Encryption II: Security Definitions and Practical Constructions Charalampos (Babis) Papamanthou Department of Electrical and Computer

More information

Symmetric-Key Cryptography

Symmetric-Key Cryptography Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016 Announcements Project due Sept 20 Special guests Alice Bob The attacker (Eve - eavesdropper, Malice) Sometimes Chris

More information

Cryptography [Symmetric Encryption]

Cryptography [Symmetric Encryption] CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin,

More information

Scanned by CamScanner

Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Symmetric-Key Cryptography CS 161: Computer Security

More information

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space Perfect Cipher Introduction to Cryptography Lecture 2 Benny Pinkas What type of security would we like to achieve? Given C, the adversary has no idea what M is Impossible since adversary might have a-priori

More information

Introduction to Cryptography. Lecture 3

Introduction to Cryptography. Lecture 3 Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic

More information

Cryptography: Symmetric Encryption [continued]

Cryptography: Symmetric Encryption [continued] CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption [continued] Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann,

More information

Information Security

Information Security SE 4472b Information Security Week 2-2 Some Formal Security Notions Aleksander Essex Fall 2015 Formalizing Security As we saw, classical ciphers leak information: Caeser/Vigenere leaks letter frequency

More information

Course Map. COMP 7/8120 Cryptography and Data Security. Learning Objectives. How to use PRPs (Block Ciphers)? 2/14/18

Course Map. COMP 7/8120 Cryptography and Data Security. Learning Objectives. How to use PRPs (Block Ciphers)? 2/14/18 Course Map Key Establishment Authenticated Encryption Key Management COMP 7/8120 Cryptography and Data Security Lecture 8: How to use Block Cipher - many time key Stream Ciphers Block Ciphers Secret Key

More information

Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage

Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage 1 Announcements Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage 2 Recap and Overview Previous lecture: Symmetric key

More information

Lecture 8. 1 Some More Security Definitions for Encryption Schemes

Lecture 8. 1 Some More Security Definitions for Encryption Schemes U.C. Berkeley CS276: Cryptography Lecture 8 Professor David Wagner February 9, 2006 Lecture 8 1 Some More Security Definitions for Encryption Schemes 1.1 Real-or-random (rr) security Real-or-random security,

More information

Introduction to cryptology (GBIN8U16)

Introduction to cryptology (GBIN8U16) Introduction to cryptology (GBIN8U16) Finite fields, block ciphers Pierre Karpman pierre.karpman@univ-grenoble-alpes.fr https://www-ljk.imag.fr/membres/pierre.karpman/tea.html 2018 01 31 Finite fields,

More information

Symmetric Cryptography

Symmetric Cryptography CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...

More information

Crypto: Symmetric-Key Cryptography

Crypto: Symmetric-Key Cryptography Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three

More information

A Characterization of Authenticated-Encryption as a Form of Chosen-Ciphertext Security. T. Shrimpton October 18, 2004

A Characterization of Authenticated-Encryption as a Form of Chosen-Ciphertext Security. T. Shrimpton October 18, 2004 A Characterization of Authenticated-Encryption as a Form of Chosen-Ciphertext Security T. Shrimpton October 18, 2004 Abstract In this note we introduce a variation of the standard definition of chosen-ciphertext

More information

Solutions to exam in Cryptography December 17, 2013

Solutions to exam in Cryptography December 17, 2013 CHALMERS TEKNISKA HÖGSKOLA Datavetenskap Daniel Hedin DIT250/TDA351 Solutions to exam in Cryptography December 17, 2013 Hash functions 1. A cryptographic hash function is a deterministic function that

More information

Concrete Security of Symmetric-Key Encryption

Concrete Security of Symmetric-Key Encryption Concrete Security of Symmetric-Key Encryption Breno de Medeiros Department of Computer Science Florida State University Concrete Security of Symmetric-Key Encryption p.1 Security of Encryption The gold

More information

CS408 Cryptography & Internet Security

CS408 Cryptography & Internet Security CS408 Cryptography & Internet Security Lectures 16, 17: Security of RSA El Gamal Cryptosystem Announcement Final exam will be on May 11, 2015 between 11:30am 2:00pm in FMH 319 http://www.njit.edu/registrar/exams/finalexams.php

More information

Double-DES, Triple-DES & Modes of Operation

Double-DES, Triple-DES & Modes of Operation Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES

More information

Lecture 4: Symmetric Key Encryption

Lecture 4: Symmetric Key Encryption Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by

More information

Cryptology complementary. Symmetric modes of operation

Cryptology complementary. Symmetric modes of operation Cryptology complementary Symmetric modes of operation Pierre Karpman pierre.karpman@univ-grenoble-alpes.fr https://www-ljk.imag.fr/membres/pierre.karpman/tea.html 2018 05 03 Symmetric modes 2018 05 03

More information

Cryptography Lecture 4. Attacks against Block Ciphers Introduction to Public Key Cryptography. November 14, / 39

Cryptography Lecture 4. Attacks against Block Ciphers Introduction to Public Key Cryptography. November 14, / 39 Cryptography 2017 Lecture 4 Attacks against Block Ciphers Introduction to Public Key Cryptography November 14, 2017 1 / 39 What have seen? What are we discussing today? What is coming later? Lecture 3

More information

Integrity of messages

Integrity of messages Lecturers: Mark D. Ryan and David Galindo. Cryptography 2016. Slide: 106 Integrity of messages Goal: Ensure change of message by attacker can be detected Key tool: Cryptographic hash function Definition

More information

Advanced Cryptography 1st Semester Symmetric Encryption

Advanced Cryptography 1st Semester Symmetric Encryption Advanced Cryptography 1st Semester 2007-2008 Pascal Lafourcade Université Joseph Fourrier, Verimag Master: October 22th 2007 1 / 58 Last Time (I) Security Notions Cyclic Groups Hard Problems One-way IND-CPA,

More information

Cryptography (cont.)

Cryptography (cont.) CSE 484 / CSE M 584 (Autumn 2011) Cryptography (cont.) Daniel Halperin Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others

More information

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

CS 161 Computer Security. Week of September 11, 2017: Cryptography I Weaver Fall 2017 CS 161 Computer Security Discussion 3 Week of September 11, 2017: Cryptography I Question 1 Activity: Cryptographic security levels (20 min) Say Alice has a randomly-chosen symmetric key

More information

Lecture 18 - Chosen Ciphertext Security

Lecture 18 - Chosen Ciphertext Security Lecture 18 - Chosen Ciphertext Security Boaz Barak November 21, 2005 Public key encryption We now go back to public key encryption. As we saw in the case of private key encryption, CPA security is not

More information

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher

More information

Symmetric Cryptography

Symmetric Cryptography CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...

More information

Lecture 3: Symmetric Key Encryption

Lecture 3: Symmetric Key Encryption Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07

More information

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P)) CHAPTER 6. SYMMETRIC CIPHERS Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption

More information

ECE 646 Lecture 8. Modes of operation of block ciphers

ECE 646 Lecture 8. Modes of operation of block ciphers ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.

More information

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu

More information

Some Aspects of Block Ciphers

Some Aspects of Block Ciphers Some Aspects of Block Ciphers Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in CU-ISI Tutorial Workshop on Cryptology, 17 th July 2011 Palash Sarkar

More information

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17

More information

Lecture 15: Public Key Encryption: I

Lecture 15: Public Key Encryption: I CSE 594 : Modern Cryptography 03/28/2017 Lecture 15: Public Key Encryption: I Instructor: Omkant Pandey Scribe: Arun Ramachandran, Parkavi Sundaresan 1 Setting In Public-key Encryption (PKE), key used

More information

Lecture 5. Constructions of Block ciphers. Winter 2018 CS 485/585 Introduction to Cryptography

Lecture 5. Constructions of Block ciphers. Winter 2018 CS 485/585 Introduction to Cryptography 1 Winter 2018 CS 485/585 Introduction to Cryptography Lecture 5 Portland State University Jan. 23, 2018 Lecturer: Fang Song Draft note. Version: January 25, 2018. Email fang.song@pdx.edu for comments and

More information

CIS 4360 Secure Computer Systems Symmetric Cryptography

CIS 4360 Secure Computer Systems Symmetric Cryptography CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

More information

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography Block Ciphers and Data Encryption Standard CSS 322 - Security and Cryptography Contents Block Cipher Principles Feistel Structure for Block Ciphers DES Simplified DES Real DES DES Design Issues CSS 322

More information

Block Ciphers Tutorial. c Eli Biham - May 3, Block Ciphers Tutorial (5)

Block Ciphers Tutorial. c Eli Biham - May 3, Block Ciphers Tutorial (5) Block Ciphers Tutorial c Eli Biham - May 3, 2005 146 Block Ciphers Tutorial (5) A Known Plaintext Attack on 1-Round DES After removing the permutations IP and FP we get: L R 48 K=? F L R c Eli Biham -

More information

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu

More information

AWS Key Management Service (KMS) Handling cryptographic bounds for use of AES-GCM

AWS Key Management Service (KMS) Handling cryptographic bounds for use of AES-GCM AWS Key Management Service (KMS) Handling cryptographic bounds for use of AES-GCM Matthew Campagna Amazon Web Services Shay Gueron Amazon Web Services University of Haifa 1 Outline The AWS Key Management

More information

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks

More information

Network Security Essentials Chapter 2

Network Security Essentials Chapter 2 Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need

More information

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017 COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously on COS 433 Pseudorandom Permutations unctions that look like random permutations Syntax: Key space K (usually {0,1}

More information

Authenticated encryption

Authenticated encryption Authenticated encryption Mac forgery game M {} k R 0,1 s m t M M {m } t mac k (m ) Repeat as many times as the adversary wants (m, t) Wins if m M verify m, t = 1 Mac forgery game Allow the adversary to

More information

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some 3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption

More information

symmetric cryptography s642 computer security adam everspaugh

symmetric cryptography s642 computer security adam everspaugh symmetric cryptography s642 adam everspaugh ace@cs.wisc.edu computer security Announcements Midterm next week: Monday, March 7 (in-class) Midterm Review session Friday: March 4 (here, normal class time)

More information

Goals of Modern Cryptography

Goals of Modern Cryptography Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary

More information

symmetric cryptography s642 computer security adam everspaugh

symmetric cryptography s642 computer security adam everspaugh symmetric cryptography s642 adam everspaugh ace@cs.wisc.edu computer security Announcement Midterm next week: Monday, March 7 (in-class) Midterm Review session Friday: March 4 (here, normal class time)

More information

Authenticated Encryption

Authenticated Encryption 18733: Applied Cryptography Anupam Datta (CMU) Authenticated Encryption Online Cryptography Course Authenticated Encryption Active attacks on CPA-secure encryption Recap: the story so far Confidentiality:

More information

Stream Ciphers An Overview

Stream Ciphers An Overview Stream Ciphers An Overview Palash Sarkar Indian Statistical Institute, Kolkata email: palash@isicalacin stream cipher overview, Palash Sarkar p1/51 Classical Encryption Adversary message ciphertext ciphertext

More information

Applied Cryptography and Computer Security CSE 664 Spring 2018

Applied Cryptography and Computer Security CSE 664 Spring 2018 Applied Cryptography and Computer Security Lecture 13: Public-Key Cryptography and RSA Department of Computer Science and Engineering University at Buffalo 1 Public-Key Cryptography What we already know

More information

Automated Analysis and Synthesis of Modes of Operation and Authenticated Encryption Schemes

Automated Analysis and Synthesis of Modes of Operation and Authenticated Encryption Schemes Automated Analysis and Synthesis of Modes of Operation and Authenticated Encryption Schemes Alex J. Malozemoff University of Maryland Joint work with Matthew Green, Viet Tung Hoang, and Jonathan Katz Presented

More information

Symmetric Encryption Algorithms

Symmetric Encryption Algorithms Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm

More information

Practical Symmetric On-line Encryption

Practical Symmetric On-line Encryption Practical Symmetric On-line Encryption Pierre-Alain Fouque, Gwenaëlle Martinet, and Guillaume Poupard DCSSI Crypto Lab 51 Boulevard de La Tour-Maubourg 75700 Paris 07 SP, France Pierre-Alain.Fouque@ens.fr

More information

Cryptography. Andreas Hülsing. 6 September 2016

Cryptography. Andreas Hülsing. 6 September 2016 Cryptography Andreas Hülsing 6 September 2016 1 / 21 Announcements Homepage: http: //www.hyperelliptic.org/tanja/teaching/crypto16/ Lecture is recorded First row might be on recordings. Anything organizational:

More information

Content of this part

Content of this part UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this

More information

Chapter 3 Block Ciphers and the Data Encryption Standard

Chapter 3 Block Ciphers and the Data Encryption Standard Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition

More information

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING ENEE 457 Computer Systems Security Instructor: Charalampos Papamanthou Homework 2 Out: 09/23/16 Due: 09/30/16 11:59pm Instructions

More information

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University February 8 2018 Review CPA-secure construction Security proof by reduction

More information

Chapter 6 Contemporary Symmetric Ciphers

Chapter 6 Contemporary Symmetric Ciphers Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and

More information

Distributed Key Management and Cryptographic Agility. Tolga Acar 24 Feb. 2011

Distributed Key Management and Cryptographic Agility. Tolga Acar 24 Feb. 2011 Distributed Key Management and Cryptographic Agility Tolga Acar 24 Feb. 2011 1 Overview Distributed Key Lifecycle Problem statement and status quo Distributed Key Manager Typical application scenario and

More information

2 Secure Communication in Private Key Setting

2 Secure Communication in Private Key Setting CSA E0 235: Cryptography January 11, 2016 Instructor: Arpita Patra Scribe for Lecture 2 Submitted by: Jayam Modi 1 Discrete Probability Background Probability Distribution -A probability distribution over

More information

Relaxing IND-CCA: Indistinguishability Against Chosen. Chosen Ciphertext Verification Attack

Relaxing IND-CCA: Indistinguishability Against Chosen. Chosen Ciphertext Verification Attack Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Indian Statistical Institute Kolkata January 14, 2012 Outline 1 Definitions Encryption Scheme IND-CPA IND-CCA IND-CCVA

More information

7. Symmetric encryption. symmetric cryptography 1

7. Symmetric encryption. symmetric cryptography 1 CIS 5371 Cryptography 7. Symmetric encryption symmetric cryptography 1 Cryptographic systems Cryptosystem: t (MCKK GED) (M,C,K,K,G,E,D) M, plaintext message space C, ciphertext message space K, K, encryption

More information

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading: C 646 Lecture 7 Modes of Operation of Block Ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van Oorschot,

More information

Proofs for Key Establishment Protocols

Proofs for Key Establishment Protocols Information Security Institute Queensland University of Technology December 2007 Outline Key Establishment 1 Key Establishment 2 3 4 Purpose of key establishment Two or more networked parties wish to establish

More information

Data Encryption Standard (DES)

Data Encryption Standard (DES) Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:

More information

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4 EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org Outline Review

More information

Chapter 4. Symmetric Encryption. 4.1 Symmetric encryption schemes

Chapter 4. Symmetric Encryption. 4.1 Symmetric encryption schemes Chapter 4 Symmetric Encryption The symmetric setting considers two parties who share a key and will use this key to imbue communicated data with various security attributes. The main security goals are

More information

CS 161 Computer Security

CS 161 Computer Security Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.

More information

Lecture Note 05 Date:

Lecture Note 05 Date: P.Lafourcade Lecture Note 05 Date: 29.09.2009 Security models 1st Semester 2008/2009 MANGEOT Guillaume ROJAT Antoine THARAUD Jrmie Contents 1 Block Cipher Modes 2 1.1 Electronic Code Block (ECB) [Dwo01]....................

More information

Homework 2: Symmetric Crypto Due at 11:59PM on Monday Feb 23, 2015 as a PDF via websubmit.

Homework 2: Symmetric Crypto Due at 11:59PM on Monday Feb 23, 2015 as a PDF via websubmit. Homework 2: Symmetric Crypto February 17, 2015 Submission policy. information: This assignment MUST be submitted as a PDF via websubmit and MUST include the following 1. List of collaborators 2. List of

More information

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function

More information

Lecture 1 Applied Cryptography (Part 1)

Lecture 1 Applied Cryptography (Part 1) Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication

More information

MTAT Research Seminar in Cryptography IND-CCA2 secure cryptosystems

MTAT Research Seminar in Cryptography IND-CCA2 secure cryptosystems MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov October 31, 2005 Abstract Standard security assumptions (IND-CPA, IND- CCA) are explained. A number of cryptosystems

More information

1 Defining Message authentication

1 Defining Message authentication ISA 562: Information Security, Theory and Practice Lecture 3 1 Defining Message authentication 1.1 Defining MAC schemes In the last lecture we saw that, even if our data is encrypted, a clever adversary

More information

Pipelineable On-Line Encryption (POE)

Pipelineable On-Line Encryption (POE) Pipelineable On-Line Encryption (POE) FSE 2014 Farzaneh Abed 2 Scott Fluhrer 1 John Foley 1 Christian Forler 2 Eik List 2 Stefan Lucks 2 David McGrew 1 Jakob Wenzel 2 1 Cisco Systems, 2 Bauhaus-Universität

More information

Symmetric Encryption. Thierry Sans

Symmetric Encryption. Thierry Sans Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion

More information

Block Cipher Operation

Block Cipher Operation Block Cipher Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 6-1 Overview 1. Double DES, Triple

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback