Simple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring.
|
|
- Darcy Casey
- 6 years ago
- Views:
Transcription
1 UNIT II BLOCK CIPHER UNIT II Simple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring. 2.1 SIMPLIFIED DATA ENCRYPTION STANDARD (S-DES) The overall structure of the simplified DES. The S-DES encryption algorithm takes an 8- bit block of plaintext (example: ) and a 10-bit key as input and produces an 8-bit block of ciphertext as output. The S-DES decryption algorithm takes an 8-bit block of ciphertext and the same 10-bit key used to produce that ciphertext as input and produces the original 8-bit block of plaintext. The encryption algorithm involves five functions: An initial permutation (IP) a complex function labeled f k, which involves both permutation and substitution operations and depends on a key input a simple permutation function that switches (SW) the two halves of the data the function f k again a permutation function that is the inverse of the initial permutation
2 The function f k takes as input not only the data passing through the encryption algorithm, but also an 8-bit key. Here a 10-bit key is used from which two 8-bit subkeys are generated. The key is first subjected to a permutation (P10). Then a shift operation is performed. The output of the shift operation then passes through a permutation function that produces an 8-bit output (P8) for the first subkey (K1). The output of the shift operation also feeds into another shift and another instance of P8 to produce the second subkey (K2). The encryption algorithm can be expressed as a composition composition1 of functions: IP -1 ο f K2 ο SW ο f k1 ο IP Which can also be written as Ciphertext = IP -1 (f K2 (SW (f k1 (IP (plaintext))))) Where K1 = P8 (Shift (P10 (Key))) K2 = P8 (Shift (shift (P10 (Key)))) Decryption can be shown as Plaintext = IP -1 (f K1 (SW (f k2 (IP (ciphertext))))) S-DES key generation Figure: key generation for S-DES
3 S-DES depends on the use of a 10-bit key shared between sender and receiver. From this key, two 8-bit subkeys are produced for use in particular stages of the encryption and decryption algorithm. First, permute the key in the following fashion. Let the 10-bit key be designated as (k1, K2, k3, k4, k5, k6, k7, k8, k9, k10). Then the permutation P10 is defined as: P10 (k1, K2, k3, k4, k5, k6, k7, k8, k9, k10) = (k3, k5, K2, k7, k4, k10 10, k1, k9, k8, k6) P10 can be concisely defined by the display: P This table is read from left to right; each position in the table gives the identity of the input bit that produces the output bit in that position. So the first output bit is bit 3 of the input; the second output bit is bit 5 of the input, and so on. For example, the key ( ) is permuted to ( ). Next, perform a circular left shift (LS-1), or rotation, separately on the first five bits and the second five bits. In our example, the result is ( ). Next we apply P8, which picks out and permutes 8 of the 10 bits according to the following rule: P The result is subkey 1 (K1). In our example, this yields ( ). We then go back to the pair of 5-bit strings produced by the two LS-1 functions and performs a circular left shift of 2 bit positions on each string. In our example, the value ( ) becomes ( ). Finally, P8 is applied again to produce K2. In our example, the result is ( ) S-DES encryption Encryption involves the sequential application of five functions. Initial and Final Permutations The input to the algorithm is an 8-bit block of plaintext, which we first permute using the IP function: IP This retains all 8 bits of the plaintext but mixes them up.
4 Consider the plaintext to be Permuted output = At the end of the algorithm, the inverse permutation is used: IP The Function f k The most complex component of S-DES is the function f k, which consists of a combination of permutation and substitution functions. The functions can be expressed as follows. Let L and R be the leftmost 4 bits and rightmost 4 bits of the 8-bit input to f K, and let F be a mapping (not necessarily one to one) from 4-bit strings to 4-bit strings. Then we let f k (L, R) = ( L F( R, SK), R) Where SK is a subkey and is the bit-by-bit exclusive-or function. e.g., permuted output = and suppose F (1101, SK) = (1110) for some key SK. Then f K( ) = , 1101 = We now describe the mapping F. The input is a 4-bit number (n1 n2 n3 n4). The first operation is an expansion/permutation operation: E/P e.g., R= 1101 E/P output = It is clearer to depict the result in this fashion: The 8-bit subkey K1 = (k11, k12 12, k13 13, k14 14, k15 15, k16 16, k17 17, k18) is added to this value using exclusive-or:
5 Let us rename these 8 bits: The first 4 bits (first row of the preceding matrix) are fed into the S-box S0 to produce a 2- bit output, and the remaining 4 bits (second row) are fed into S1 to produce another 2-bit output. These two boxes are defined as follows: The S-boxes operate as follows. The first and fourth input bits are treated as a 2-bit number that specify a row of the S-box, and the second and third input bits specify a column of the S-box. The entry in that row and column, in base 2, is the 2-bit output. For example, if (p0,0 p0,3) = ) (00) and ( p0,1 p0,2) = (10), then the output is from row 0, column 2 of S0, which is 3, or (11) in ) binary. Similarly, (p1,0 p1,3) and ( p1,1 p1,2) are used to index into a row and column of S1 to produce an additional 2 bits. Next, the 4 bits produced by S0 and S1 undergo a further permutation as follows: P The output of P4 is the output of the function F The Switch Function The function f K only alters the leftmost 4 bits of the input. The switch function (SW) interchanges the left and right 4 bits so that the second instance of f K operates on a different 4 bits. In this second instance, the E/P, S0, S1, and P4 functions are the same. The key input is K2. Finally apply inverse permutation to get the ciphertext.
6 2.2 BLOCK CIPHER PRINCIPLES Virtually, all symmetric block encryption algorithms in current use are based on a structure referred to as Fiestel block cipher. For that reason, it is important to examine the design principles of the Fiestel cipher. We begin with a comparison of stream cipher with block cipher. A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. E.g, vigenere cipher. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a cipher text block of equal length. Typically a block size of 64 or 128 bits is used Block cipher principles most symmetric block ciphers are based on a Feistel Cipher Structure needed since must be able to decrypt ciphertext to recover messages efficiently block ciphers look like an extremely large substitution would need table of 264 entries for a 64-bit block instead create from smaller building blocks using idea of a product cipher in 1949 Claude Shannon introduced idea of substitution- permutation (S-P) networks called modern substitution-transposition product cipher these form the basis of modern block ciphers S-P networks are based on the two primitive cryptographic operations we have seen before: substitution (S-box) permutation (P-box) provide confusion and diffusion of message diffusion - dissipates statistical structure of plaintext over bulk of ciphertext confusion - makes relationship between ciphertext and key as complex as possible Feistel cipher structure The input to the encryption algorithm are a plaintext block of length 2w bits and a key K. the plaintext block is divided into two halves L 0 and R 0. The two halves of the data pass through n rounds of processing and then combine to produce the ciphertext block. Each round i has inputs L i-1 and R i-1, derived from the previous round, as well as the subkey K i, derived from the overall key K. in general, the subkeys K i are different from K and from each other.
7 All rounds have the same structure. A substitution is performed on the left half of the data (as similar to S-DES). This is done by applying a round function F to the right half of the data and then taking the XOR of the output of that function and the left half of the data. The round function has the same general structure for each round but is parameterized by the round subkey k i. Following this substitution, a permutation is performed that consists of the interchange of the two halves of the data. This structure is a particular form of the substitution-permutation network. The exact realization of a Feistel network depends on the choice of the following parameters and design features: Block size - Increasing size improves security, but slows cipher Key size - Increasing size improves security, makes exhaustive key searching harder, but may slow cipher Number of rounds - Increasing number improves security, but slows cipher Subkey generation - Greater complexity can make analysis harder, but slows cipher Round function - Greater complexity can make analysis harder, but slows cipher Fast software en/decryption & ease of analysis - are more recent concerns for practical use and testing. The process of decryption is essentially the same as the encryption process. The rule is as follows: use the cipher text as input to the algorithm, but use the subkey k i in reverse order. i.e., k n in the first round, k n-1 in second round and so on. For clarity, we use the notation LE i and RE i for data traveling through the decryption algorithm. The diagram below indicates that, at each round, the intermediate value of the decryption process is same (equal) to the corresponding value of the encryption process with two halves of the value swapped. i.e., RE i LE i (or) equivalently RD 16-i LD 16-i After the last iteration of the encryption process, the two halves of the output are swapped, so that the cipher text is RE 16 LE 16. The output of that round is the cipher text. Now take the cipher text and use it as input to the same algorithm. The input to the first round is RE 16 LE 16, which is equal to the 32-bit swap of the output of the sixteenth round of the encryption process.
8 Fig : Feistel encryption and decryption
9 Now we will see how the output of the first round of the decryption process is equal to a 32-bit swap of the input to the sixteenth round of the encryption process. First consider the encryption process, decryption side, LE 16 = RE 15 RE 16 = LE 15 F (RE 15, K 16 ) On the LD 1 =RD 0 = LE 16 =RE 15 RD 1 = LD 0 F (RD 0, K 16 ) = RE 16 F (RE 15, K 16 ) = [LE 15 F (RE 15, K 16 )] F (RE 15, K 16) = LE 15 Therefore, LD 1 = RE 15 RD 1 = LE 15 In general, for the i th iteration of the encryption algorithm, LE i = RE i-1 RE i = LE i-1 F (RE i-1, K i ) Finally, the output of the last round of the decryption process is RE 0 LE 0. A 32-bit swap recovers the original plaintext. MULTIPLE ENCRYPTION & DES clear a replacement for DES was needed theoretical attacks that can break it demonstrated exhaustive key search attacks AES is a new cipher alternative prior to this alternative was to use multiple encryption with DES implementations Triple-DES is the chosen form Double-DES could use 2 DES encrypts on each block C = E K2 (E K1 (P)) issue of reduction to single stage and have "meet-in-the-middle" attack works whenever use a cipher twice since X = E K1 (P) = D K2 (C) attack by encrypting P with all keys and store
10 then decrypt C with keys and match X value can show takes O(2 56 ) steps Triple-DES with Two-Keys hence must use 3 encryptions would seem to need 3 distinct keys but can use 2 keys with E-D-E sequence C = E K1 (D K2 (E K1 (P))) nb encrypt & decrypt equivalent in security if K1=K2 then can work with single DES standardized in ANSI X9.17 & ISO8732 no current known practical attacks Triple-DES with Three-Keys although are no practical attacks on two key Triple-DES have some indications can use Triple-DES with Three-Keys to avoid even these C = E K3 (D K2 (E K1 (P))) has been adopted by some Internet applications eg PGP, S/MIME 2.4 Modes of Operation block ciphers encrypt fixed size blocks eg. DES encrypts 64-bit blocks with 56-bit key need some way to en/decrypt arbitrary amounts of data in practise ANSI X Modes of Use (now FIPS 81) defines 4 possible modes subsequently 5 defined for AES & DES have block and stream modes Electronic Codebook Book (ECB) message is broken into independent blocks which are encrypted each block is a value which is substituted, like a codebook, hence name each block is encoded independently of the other blocks C i = DES K1 (P i ) uses: secure transmission of single values
11 Electronic Codebook Book (ECB) Advantages and Limitations of ECB message repetitions may show in ciphertext o o o if aligned with message block particularly with data such graphics or with messages that change very little, which become a code-book analysis problem weakness is due to the encrypted message blocks being independent main use is sending a few blocks of data Cipher Block Chaining (CBC) message is broken into blocks linked together in encryption operation each previous cipher blocks is chained with current plaintext block, hence name use Initial Vector (IV) to start process C i = DES K1 (P i XOR C i-1 ) C -1 = IV uses: bulk data encryption, authentication
12 Cipher Block Chaining (CBC) Message Padding at end of message must handle a possible last short block o which is not as large as blocksize of cipher o pad either with known non-data value (eg nulls) o or pad last block along with count of pad size eg. [ b1 b2 b ] means have 3 data bytes, then 5 bytes pad+count this may require an extra entire block over those in message there are other, more esoteric modes, which avoid the need for an extra block Advantages and Limitations of CBC a ciphertext block depends on all blocks before it any change to a block affects all following ciphertext blocks need Initialization Vector (IV) o which must be known to sender & receiver o if sent in clear, attacker can change bits of first block, and change IV to compensate o hence IV must either be a fixed value (as in EFTPOS) o or must be sent encrypted in ECB mode before rest of Message
13 2.4.4 Cipher FeedBack (CFB) message is treated as a stream of bits added to the output of the block cipher result is feed back for next stage (hence name) standard allows any number of bit (1,8, 64 or 128 etc) to be feed back denoted CFB-1, CFB-8, CFB-64, CFB-128 etc most efficient to use all bits in block (64 or 128) C i = P i XOR DES K1 (C i-1 ) C -1 = IV uses: stream data encryption, authentication Cipher FeedBack (CFB)
14 Advantages and Limitations of CFB appropriate when data arrives in bits/bytes most common stream mode limitation is need to stall while do block encryption after every n-bits note that the block cipher is used in encryption mode at both ends errors propogate for several blocks after the error Output FeedBack (OFB) message is treated as a stream of bits output of cipher is added to message output is then feed back (hence name) feedback is independent of message can be computed in advance C i = P i XOR O i O i = DES K1 (O i-1 ) O -1 = IV uses: stream encryption on noisy channels Output FeedBack (OFB)
15 Advantages and Limitations of OFB bit errors do not propagate more vulnerable to message stream modification a variation of a Vernam cipher hence must never reuse the same sequence (key+iv) sender & receiver must remain in sync originally specified with m-bit feedback subsequent research has shown that only full block feedback (ie CFB-64 or CFB-128) should ever be used Counter (CTR) a "new" mode, though proposed early on similar to OFB but encrypts counter value rather than any feedback value must have a different key & counter value for every plaintext block (never reused) C i = P i XOR O i Oi = DES K1 (i) uses: high-speed network encryptions
16 Advantages and Limitations of CTR efficiency o o o can do parallel encryptions in h/w or s/w can preprocess in advance of need good for bursty high speed links random access to encrypted data blocks modes) provable security (good as other but must ensure never reuse key/counter values, otherwise could break (cf OFB) Evaluation Criteria for AES The Origins of AES clear a replacement for DES was needed Key size is too small The variants are just patches can use Triple-DES but slow, has small blocks US NIST issued call for ciphers in candidates accepted in Jun 98 5 were shortlisted in Aug-99 AES Evaluation initial criteria: security effort for practical cryptanalysis cost in terms of computational efficiency algorithm & implementation characteristics final criteria: general security ease of software & hardware implementation implementation attacks restricted-space environments Attacks on implementations Encryption versus decryption Key agility Flexibility
17 Potential for instruction-level parallelism AES Cipher Rinjdael Rijndael was selected as the AES in Oct-2000 issued as FIPS PUB 197 standard in Nov-2001 designed by Joan Daemen and Vincent Rijmen in Belgium has 128/192/256 bit keys, 128 bit data an iterative rather than Feistel cipher processes data as block of 4 columns of 4 bytes operates on entire data block in every round Characteristics: resistant against known attacks speed and code compactness on many CPUs design simplicity
18 Shift Row Transformation a circular byte shift in each each 1 st row is unchanged 2 nd row does 1 byte circular shift to left 3rd row does 2 byte circular shift to left 4th row does 3 byte circular shift to left Mix Columns each column is processed separately each byte is replaced by a value dependent on all 4 bytes in the column effectively a matrix multiplication in GF(2 8 ) using prime poly m(x) =x 8 +x 4 +x 3 +x+1
19 Add Round Key The 128 bits of state are bitwise XORed with the 128 bits of the round key. The operation is viewed as a columnwise operation between the 4 bytes of a State column and one word of the round key. 2.7 PRINCIPLES OF PUBLIC KEY CRYPTOGRAPHY The concept of public key cryptography evolved from an attempt to attack two of the most difficult problems associated with symmetric encryption. Key distribution under symmetric key encryption requires either (1) that two communicants already share a key, which someone has been distributed to them or (2) the use of a key distribution center. Digital signatures Public key cryptosystems Public key algorithms rely on one key for encryption and a different but related key for decryption. These algorithms have the following important characteristics: It is computationally infeasible to determine the decryption key given only the knowledge of the cryptographic algorithm and the encryption key. In addition, some algorithms, such as RSA, also exhibit the following characteristic: Either of the two related keys can be used for encryption, with the other used for decryption.
20 The essential steps are the following: Each user generates a pair of keys to be used for encryption and decryption of messages. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. If A wishes to send a confidential message to B, A encrypts the message using B s public key. When B receives the message, it decrypts using its private key. No other recipient can decrypt the message because only B knows B s private key. With this approach, all participants have access to public keys and private keys are generated locally by each participant and therefore, need not be distributed. As long as a system controls its private key, its incoming communication is secure. Let the plaintext be X=[X1, X2, X3,,Xm] where m is the number of letters in some finite alphabets. Suppose A wishes to send a message to B. B generates a pair of keys: a public key KU b and a private key KR b. KR b is known only to B, whereas KU b is publicly available and therefore accessible by A. With the message X and encryption key KU b as input, A forms the cipher text Y=[Y1, Y2, Y3, Yn]., i.e., Y=E KU b (X) The receiver can decrypt it using the private key KR b. i.e., X=D KR b (). The encrypted message serves as a digital signature. It is important to emphasize that the encryption process just described does not provide confidentiality. There is no protection of confidentiality because any observer can decrypt the message by using the sender s public key. It is however, possible to provide both the authentication and confidentiality by a double use of the public scheme.
21 Fig Public Key Cryptosystem Ciphertext Z = EKU b [EKR a (X)] Plaintext X = EKU a [EKR b (Y)] Initially, the message is encrypted using the sender s private key. This provides the digital signature. Next, we encrypt again, using the receiver s public key. The final ciphertext can be decrypted only by the intended receiver, who alone has the matching private key. Thus confidentiality is provided Requirements for public key cryptography It is computationally easy for a party B to generate a pair [KU b, KR b ]. It is computationally easy for a sender A, knowing the public key and the message to be encrypted M, to generate the corresponding ciphertext: C=EKU b (M). It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message: M = DKR b (C) = DKR b [EKU b (M)] It is computationally infeasible for an opponent, knowing the public key KU b, to determine the private key KR b. It is computationally infeasible for an opponent, knowing the public key KU b, and a ciphertext C, to recover the original message M. The encryption and decryption functions can be applied in either order:
22 M = EKU b [DKR b (M) = DKU b [EKR b (M)] Public key cryptanalysis Public key encryption scheme is vulnerable to a brute force attack. The counter measure is to use large keys. 2.8 RSA Algorithm It was developed by Rivest, Shamir and Adleman. This algorithm makes use of an expression with exponentials. Plaintext is encrypted in blocks, with each block having a binary value less than some number n. That is, the block size must be less than or equal to log 2 (n); in practice, the block size is k-bits, where 2 k < n < 2 k+1. Encryption and decryption are of the following form, for some plaintext block M and ciphertext block C: C = M e mod n M = C d mod n = (M e mod n) mod n = (M e ) d mod n = M ed mod n Both the sender and receiver know the value of n. the sender knows the value of e and only the receiver knows the value of d. thus, this is a public key encryption algorithm with a public key of KU = {e, n} and a private key of KR = {d, n}. For this algorithm to be satisfactory for public key encryption, the following requirements must be met: It is possible to find values of e, d, n such that M ed = M mod n for all M<n. It is relatively easy to calculate M e and C d for all values of M<n. It is infeasible to determine d given e and n. Let us focus on the first requirement. We need to find the relationship of the form: M ed = M mod n A corollary to Euler s theorem fits t0068e bill: Given two prime numbers p and q and two integers, n and m, such that n=pq and 0<m<n, and arbitrary integer k, the following relationship holds kф(n) +1 m = m k(p-1)(q-1) +1 = m mod n where Ф(n) - Euler totient function, which is the number of positive integers less than n and relatively prime to n. we can achieve the desired relationship, if ed=kф(n)+1
23 This is equivalent to saying: ed 1 mod Ф(n) d = e -1 mod Ф(n) That is, e and d are multiplicative inverses mod Ф(n). According to the rule of modular arithmetic, this is true only if d (and therefore e) is relatively prime to Ф(n). Equivalently, gcd(ф(n), d) = 1. The steps involved in RSA algorithm for generating the key are Select two prime numbers, p = 17 and q = 11. Calculate n = p*q = 17*11 = 187 Calculate Ф(n) = (p-1)(q-1) = 16*10 = 160. Select e such that e is relatively prime to Ф(n) = 160 and less than Ф(n); we choose e = 7. Determine d such that ed 1 mod Ф(n) and d<160. the correct value is d = 23, because 23*7 = 161 = 1 mod The RSA algorithm: Key Generation Select p, q Calculate n = p x q Calculate (n) = (p -l)(q - 1) p,q both prime p q Select integer e gcd( (n), e) = 1; 1< e< (n) Calculate d d= e -1mod (n) Public key Private key KU = { e,n} KR = {d,n}
24 Encryption Plaintext M<n Ciphertext C = M e (mod n) Decryption Ciphertext C Plaintext M = C d (mod n) Encryption Decryption Plain Text Cipher text KU = 7,187 KR = 23, 187 Figure : Example of RSA Algorithm Security of RSA There are three approaches to attack the RSA: brute force key search (infeasible given size of numbers) mathematical attacks (based on difficulty of computing ø(n), by factoring modulus N) timing attacks (on running time of decryption) Factoring Problem Mathematical approach takes 3 forms: Factor n = p*q, hence find Ф(n) and then d. Determine Ф(n)directly without determining p and q and find d. Find d directly, without first determination Ф(n). Timing attacks It has been proved that the opponent can determine a private key by keeping track of how long a computer takes to decipher messages. Although the timing attack is a serious threat, there are simple countermeasures that can be used:
25 Constant exponentiation time - ensures that all exponentiations take the same amount of time before returning a result. Random delay - better performance could be achieved by adding a random delay to the exponentiation algorithm to confuse the timing attack. Blinding - multiply the ciphertext by a random number before performing exponentiation. Security of Hash functions and MACs Brute Force attacks Hash the security depends solely on the length of the hash code. for a code of length n the effort needed is proportional to the following depending on the properties required for the hash-function: Strong collision resistance 2 n/2 Weak collision resistance 2 n One way 2 n Brute Force attacks MAC requires known message-mac pairs computational resistance: Given text-mac pairs (x i, CK(x i )), it is computationallyu infeasible to compute any text-mac pair (x, C K (x)) for any new input x,x i Either the key-space or the MAC value can be attacked. By finding the secret key, attacker can produce a valid MAC for any message. The effort needed to find the key is 2 k. In attacking the MAC the goal is to generate a valit MAC for a specific message, or to find a message that matches a ginven MAC. The effort is comparable to Weak-collision resistant property of a hash-code, i.e. 2 n. Cryptanalytic attacks these attacks seek to exploit some property of the algorithm to perform an attack other than exhaustive search. Cryptanalytic attacks hash any hash-function based on CBC is vulnerable the resistance of the code against birthday attack is proportional to the block length of the used block-cipher (e.g. 64 bits in DES). Cryptanalytic attacks MAC little work has been done to develope these attacks resistance greater than the corresponding hash 2.9 PRIMALITY TESTING For many cryptographic functions it is necessary to select one or more very large prime numbers at random. Thus we are faced with the task of determining whether a given large number is prime. There is no simple yet efficient means of accomplishing this task.
26 Traditionally sieve for primes using trial division of all possible prime factors of some number, but this only works for small numbers. a generalisation of Fermat's Theorem a ø(n) = 1 (mod n) for any a,n where gcd(a,n)=1 eg. a=3;n=10; ø(10)=4; hence 3 4 = 81 = 1 mod 10 a=2;n=11; ø(11)=10; hence 2 10 = 1024 = 1 mod 11 also have: a ø(n)+1 = a (mod n) Alternatively can use repeated statistical primality tests based on properties of primes, and then for certainty, use a slower deterministic primality test, such as the AKS test Miller Rabin Algorithm The algorithm shown is due to Miller and Rabin is typically used to test a large number for primality. which relies on some properties of primes that result from Fermat s theorem. a test based on prime properties that result from Fermat s Theorem algorithm is: TEST (n) is: 1. Find integers k, q, k > 0, q odd, so that (n 1)=2 k q 2. Select a random integer a, 1<a<n 1 3. if a q mod n = 1 then return ( inconclusive"); 4. for j = 0 to k 1 do 5. if (a 2jq mod n = n-1) then return( inconclusive") 6. return ( composite") We use the Miller-Rabin algorithm to determine with a high degree of confidence whether or not an integer is prime? If Miller-Rabin returns composite the number is definitely not prime, otherwise it is either a prime or a pseudo-prime. The chance it detects a pseudoprime is < 1 / 4 So if apply test repeatedly with different values of a, the probabiility that the number is a pseudo-prime can be made as small as desired, eg after 10 tests have chance of error < If need certainty, then would now expend effort to run a deterministic primality proof such as AKS. Prior to 2002, there was no known method of efficiently proving the primality of very large numbers. All of the algorithms in use, including the most popular (Miller-Rabin), produced a probabilistic result. In 2002, Agrawal, Kayal, and Saxena [AGRA02] developed a relatively simple deterministic algorithm that efficiently determines whether a given large number is a prime. The algorithm, known as the AKS algorithm, does not appear to be as efficient as the Miller-Rabin algorithm. Thus far, it has not supplanted this older, probabilistic technique.
27 if Miller-Rabin returns composite the number is definitely not prime otherwise is a prime or a pseudo-prime chance it detects a pseudo-prime is < 1 / 4 hence if repeat test with different random a then chance n is prime after t tests is: Pr(n prime after t tests) = 1-4 -t eg. for t=10 this probability is > could then use the deterministic AKS test Prime Distribution prime number theorem states that primes occur roughly every (ln n) integers but can immediately ignore evens so in practice need only test 0.5 ln(n) numbers of size n to locate a prime note this is only the average sometimes primes are close together other times are quite far apart 2.10 Factoring Problem We can identify three approaches to attacking RSA mathematically, as shown. Mathematicians currently believe all equivalent to factoring. See Stallings Table 9.4 (next slide) for progress in factoring, where see slow improvements over the years, with the biggest improvements coming from improved algorithms. The best current algorithm is the Lattice Sieve (LS), which replaced the Generalized Number Field Sieve (GNFS), which replaced the Quadratic Sieve (QS). Have to assume computers will continue to get faster, and that better factoring algorithms may yet be found. Thus, we need to be careful in choosing a key size for RSA. For the near future, a key size in the range of 1024 to 2048 bits seems reasonable. In addition to specifying the size of n, a number of other constraints have been suggested by researchers. To avoid values of n that may be factored more easily, the algorithm's inventors suggest the following constraints on p and q: 1. p and q should differ in length by only a few digits. Thus, for a 1024-bit key (309 decimal digits), both p and q should be on order of to Both (p 1) and (q 1) should contain a large prime factor 3. gcd(p 1, q 1) should be small. mathematical approach takes 3 forms: factor n=p.q, hence compute ø(n) and then d determine ø(n) directly and compute d find d directly currently believe all equivalent to factoring have seen slow improvements over the years as of May-05 best is 200 decimal digits (663) bit with LS biggest improvement comes from improved algorithm cf QS to GHFS to LS currently assume bit RSA is secure ensure p, q of similar size and matching other constraints
28 2.10.1Progress in Factoring Table.5 shows the progress in factoring to date. The level of effort is measured in MIPSyears: a million-instructions-per-second processor running for one year, which is about 3 x instructions executed. A 1 GHz Pentium is about a 250-MIPS machine. The threat to larger key sizes is twofold: the continuing increase in computing power, and the continuing refinement of factoring algorithms. We have seen that the move to a different algorithm resulted in a tremendous speedup. We can expect further refinements in the GNFS, and the use of an even better algorithm is also a possibility. In fact, a related algorithm, the special number field sieve (SNFS), can factor numbers with a specialized form considerably faster than the generalized number field sieve. Stallings Figure 9.9 compares the performance of the two algorithms. It is reasonable to expect a breakthrough that would enable a general factoring performance in about the same time as SNFS, or even better.
Chapter 6 Contemporary Symmetric Ciphers
Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationDouble-DES, Triple-DES & Modes of Operation
Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES
More informationCENG 520 Lecture Note III
CENG 520 Lecture Note III Symmetric Ciphers block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more stream ciphers process
More informationSymmetric Encryption Algorithms
Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm
More informationOverview. Public Key Algorithms I
Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationPublic Key Encryption. Modified by: Dr. Ramzi Saifan
Public Key Encryption Modified by: Dr. Ramzi Saifan Prime Numbers Prime numbers only have divisors of 1 and itself They cannot be written as a product of other numbers Prime numbers are central to number
More informationBlock Cipher Operation. CS 6313 Fall ASU
Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 6: Advanced Encryption Standard (AES) Ion Petre Department of IT, Åbo Akademi University 1 Origin of AES 1999: NIST
More informationCrypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion
Crypto Basics Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion 1 What is a cryptosystem? K = {0,1} l P = {0,1} m C = {0,1} n, C C E: P K C D: C
More informationCS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES
CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES PREPARED BY R.CYNTHIA PRIYADHARSHINI AP/IT/SREC Block Ciphers A block cipher is an encryption/decryption scheme in which a block of plaintext is treated
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationSymmetric Cryptography. Chapter 6
Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More information7. Symmetric encryption. symmetric cryptography 1
CIS 5371 Cryptography 7. Symmetric encryption symmetric cryptography 1 Cryptographic systems Cryptosystem: t (MCKK GED) (M,C,K,K,G,E,D) M, plaintext message space C, ciphertext message space K, K, encryption
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 5 Advanced Encryption Standard Advance Encryption Standard Topics Origin of AES Basic AES Inside Algorithm Final Notes Origins
More informationP2_L6 Symmetric Encryption Page 1
P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,
More informationNetwork Security Essentials
Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationpage 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas
Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationCryptography and Network Security
Cryptography and Network Security CRYPTOGRAPHY AND NETWORK SECURITY PRAKASH C. GUPTA Former Head Department of Information Technology Maharashtra Institute of Technology Pune Delhi-110092 2015 CRYPTOGRAPHY
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17
More informationOutline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org Outline Review
More informationSecret Key Cryptography Overview
Secret Key Cryptography Overview Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc01_07/ Block ciphers
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationEEC-484/584 Computer Networks
EEC-484/584 Computer Networks Lecture 23 wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Introduction to
More informationBlock Ciphers and Data Encryption Standard. CSS Security and Cryptography
Block Ciphers and Data Encryption Standard CSS 322 - Security and Cryptography Contents Block Cipher Principles Feistel Structure for Block Ciphers DES Simplified DES Real DES DES Design Issues CSS 322
More informationCHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))
CHAPTER 6. SYMMETRIC CIPHERS Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption
More informationSecret Key Cryptography
Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:
More informationPublic Key Cryptography and RSA
Public Key Cryptography and RSA Major topics Principles of public key cryptosystems The RSA algorithm The Security of RSA Motivations A public key system is asymmetric, there does not have to be an exchange
More informationCryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái
Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,
More informationCS669 Network Security
UNIT II PUBLIC KEY ENCRYPTION Uniqueness Number Theory concepts Primality Modular Arithmetic Fermet & Euler Theorem Euclid Algorithm RSA Elliptic Curve Cryptography Diffie Hellman Key Exchange Uniqueness
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationCrypto: Symmetric-Key Cryptography
Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three
More informationConventional Encryption: Modern Technologies
Conventional Encryption: Modern Technologies We mentioned that the statistical weakness in substitution ciphers is that they don t change the frequency of alphabetic letters. For example, if a substitution
More informationSecret Key Cryptography
Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationChapter 6: Contemporary Symmetric Ciphers
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?
More informationModern Symmetric Block cipher
Modern Symmetric Block cipher 81 Shannon's Guide to Good Ciphers Amount of secrecy should determine amount of labour appropriate for encryption and decryption The set of keys and enciphering algorithm
More informationCryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles
Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working
More informationIntroduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationICT 6541 Applied Cryptography. Hossen Asiful Mustafa
ICT 6541 Applied Cryptography Hossen Asiful Mustafa Encryption & Decryption Key (K) Plaintext (P) Encrypt (E) Ciphertext (C) C = E K (P) Same Key (K) Ciphertext (C) Decrypt (D) Plaintext (P) P = D K (C)
More informationChapter 3 Public Key Cryptography
Cryptography and Network Security Chapter 3 Public Key Cryptography Lectured by Nguyễn Đức Thái Outline Number theory overview Public key cryptography RSA algorithm 2 Prime Numbers A prime number is an
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationCryptographic Algorithms - AES
Areas for Discussion Cryptographic Algorithms - AES CNPA - Network Security Joseph Spring Department of Computer Science Advanced Encryption Standard 1 Motivation Contenders Finalists AES Design Feistel
More informationBlock Encryption and DES
Block Encryption and DES Plain Text Block 1 Block 2 Block 3 Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available
More informationSymmetric Encryption. Thierry Sans
Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationECE 646 Fall 2009 Final Exam December 15, Multiple-choice test
ECE 646 Fall 2009 Final Exam December 15, 2009 Multiple-choice test 1. (1 pt) Parallel processing can be used to speed up the following cryptographic transformations (please note that multiple answers
More informationNetwork Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar
Network Security Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Modern Block Ciphers now look at modern block ciphers one of the most widely used types
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 8 September 28, 2015 CPSC 467, Lecture 8 1/44 Chaining Modes Block chaining modes Extending chaining modes to bytes Public-key Cryptography
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationLECTURE 4: Cryptography
CSC 519 Information Security LECTURE 4: Cryptography Dr. Esam A. Alwagait alwagait@ksu.edu.sa Recap form previous Lecture We discussed more symmetric encryption. Books? Security Engineering, Ross Anderson
More informationSymmetric Cryptography CS461/ECE422
Symmetric Cryptography CS461/ECE422 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Section 2.4-2.6 and 12.2 in Security in Computing
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationRSA. Public Key CryptoSystem
RSA Public Key CryptoSystem DIFFIE AND HELLMAN (76) NEW DIRECTIONS IN CRYPTOGRAPHY Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Misconceptions Concerning Public-Key Encryption Public-key encryption is more secure from
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security MAC, HMAC, Hash functions and DSA Vinod Ganapathy Lecture 6 Message Authentication message authentication is concerned with: protecting the integrity of a message validating
More informationModern Block Ciphers
Modern Block Ciphers now look at modern block ciphers one of the most widely used types of cryptographic algorithms provide secrecy /authentication services focus on DES (Data Encryption Standard) to illustrate
More informationRSA (material drawn from Avi Kak Lecture 12, Lecture Notes on "Computer and Network Security" Used in asymmetric crypto.
RSA (material drawn from Avi Kak (kak@purdue.edu) Lecture 12, Lecture Notes on "Computer and Network Security" Used in asymmetric crypto. protocols The RSA algorithm is based on the following property
More informationCryptography Symmetric Encryption Class 2
Cryptography Symmetric Encryption Class 2 Stallings: Ch 3 & 6 Stallings: Ch 4 CEN-5079: 18.January.2018 1 Symmetric Cryptosystems Encryption Key Decryption Key Plaintext Plaintext Encryption Algorithm
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationChapter 9. Public Key Cryptography, RSA And Key Management
Chapter 9 Public Key Cryptography, RSA And Key Management RSA by Rivest, Shamir & Adleman of MIT in 1977 The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on
More informationCryptography III: Symmetric Ciphers
Cryptography III: Symmetric Ciphers Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 14th February 2008 Outline Stream ciphers Block ciphers DES and Rijndael Summary
More information6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a
More informationSecurity. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
More information3 Symmetric Cryptography
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption
More informationCryptographic Techniques. Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building
Cryptographic Techniques Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building Outline Data security Cryptography basics Cryptographic systems DES RSA C. H. HUANG IN CML 2 Cryptography
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationPublic Key Algorithms
Public Key Algorithms CS 472 Spring 13 Lecture 6 Mohammad Almalag 2/19/2013 Public Key Algorithms - Introduction Public key algorithms are a motley crew, how? All hash algorithms do the same thing: Take
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationCryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL
Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL Transpositional Ciphers-A Review Decryption 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 Encryption 1 2 3 4 5 6 7 8 A G O O D F R I E N D I S A T R E
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationSome Stuff About Crypto
Some Stuff About Crypto Adrian Frith Laboratory of Foundational Aspects of Computer Science Department of Mathematics and Applied Mathematics University of Cape Town This work is licensed under a Creative
More informationStudy Guide to Mideterm Exam
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #7 Professor M. J. Fischer February 20, 2012 Study Guide to Mideterm Exam For the exam, you are responsible
More informationDarshan Institute of Engineering & Technology Page Information Security (IS) UNIT-2 Conventional Encryption Techniques
Q 1. Draw and explain Feistel s structure for encryption and decryption. The exact realization of Feistel network depends on the choice of which parameters? Feistel cipher is based on the idea that instead
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationBlock Cipher Operation
Block Cipher Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 6-1 Overview 1. Double DES, Triple
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.5 Public Key Algorithms CSC 474/574 Dr. Peng Ning 1 Public Key Algorithms Public key algorithms covered in this class RSA: encryption and digital signature
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationSymmetric Cryptography
CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationCSCE 813 Internet Security Symmetric Cryptography
CSCE 813 Internet Security Symmetric Cryptography Professor Lisa Luo Fall 2017 Previous Class Essential Internet Security Requirements Confidentiality Integrity Authenticity Availability Accountability
More informationU-II BLOCK CIPHER ALGORITHMS
U-II BLOCK CIPHER ALGORITHMS IDEA: Idea is block cipher similar to DES Works on 64 bit plaintext block Key is longer and consist of 128 bits Idea is reversible like DES i.e. same algorithm can be used
More informationEncryption Details COMP620
Encryption Details COMP620 Encryption is a powerful defensive weapon for free people. It offers a technical guarantee of privacy, regardless of who is running the government It s hard to think of a more
More informationECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #7 Analysis of DES and the AES Standard Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we analyze the security properties of DES and
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationPublic Key Cryptography
graphy CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L07, Steve/Courses/2011/S2/CSS322/Lectures/rsa.tex,
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More information