Block Cipher Operation. CS 6313 Fall ASU

Similar documents
Chapter 6 Contemporary Symmetric Ciphers

Double-DES, Triple-DES & Modes of Operation

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Network Security Essentials Chapter 2

Chapter 3 Block Ciphers and the Data Encryption Standard

Symmetric Encryption Algorithms

Content of this part

CENG 520 Lecture Note III

Modern Symmetric Block cipher

Block Cipher Operation

Using block ciphers 1

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Symmetric Encryption. Thierry Sans

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

CIS 4360 Secure Computer Systems Symmetric Cryptography

Block Cipher Modes of Operation

7. Symmetric encryption. symmetric cryptography 1

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

CSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

CSC 474/574 Information Systems Security

ECE 646 Lecture 8. Modes of operation of block ciphers

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

CIS 6930/4930 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

Processing with Block Ciphers

CSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes

Block Cipher Modes of Operation

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

Introduction to Symmetric Cryptography

Data Encryption Standard (DES)

CSCE 548 Building Secure Software Symmetric Cryptography

Lecture 1 Applied Cryptography (Part 1)

Crypto: Symmetric-Key Cryptography

Secret Key Cryptography

Stream Ciphers and Block Ciphers

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

Chapter 6: Contemporary Symmetric Ciphers

Some Aspects of Block Ciphers

Modes of Operation. Raj Jain. Washington University in St. Louis

Secret Key Cryptography Overview

1 Achieving IND-CPA security

The Rectangle Attack

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Stream Ciphers and Block Ciphers

Network Security Essentials

Lecture 4: Symmetric Key Encryption

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Darshan Institute of Engineering & Technology Page Information Security (IS) UNIT-2 Conventional Encryption Techniques

Conventional Encryption: Modern Technologies

Symmetric Cryptography

Symmetric key cryptography

Lecture 3: Symmetric Key Encryption

P2_L6 Symmetric Encryption Page 1

3 Symmetric Cryptography

Computer Security CS 526

Lecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

Stream Ciphers An Overview

IDEA, RC5. Modes of operation of block ciphers

Cryptography Symmetric Encryption Class 2

L9: Stream and Block Ciphers. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Cryptology complementary. Symmetric modes of operation

Crypto Library. Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved.

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016

Cryptography 2017 Lecture 3

Information Security CS526

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

Cryptography [Symmetric Encryption]

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Summary. Final Week. CNT-4403: 21.April

Symmetric Cryptography

c Eli Biham - March 13, Cryptanalysis of Modes of Operation (4) c Eli Biham - March 13, Cryptanalysis of Modes of Operation (4)

Simple DES DES Modes of operation Triple DES AES RSA Attacks Primality test factoring.

Introduction to Cryptography. Lecture 3

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Cryptography III: Symmetric Ciphers

Scanned by CamScanner

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.

Block Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan

CPSC 467: Cryptography and Computer Security

Block Ciphers. Advanced Encryption Standard (AES)

Applied Cryptography Data Encryption Standard

CSCE 813 Internet Security Symmetric Cryptography

Elastic Block Ciphers: Method, Security and Instantiations

A General Analysis of the Security of Elastic Block Ciphers

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage

Symmetric Encryption

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Symmetric-Key Cryptography

Introduction to Cryptography. Lecture 3

Summary on Crypto Primitives and Protocols

Transcription:

Chapter 7 Block Cipher Operation 1

Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES Mode for Block-Oriented Storage Devices q Format-Preserving Encryption 2

Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES Mode for Block-Oriented Storage Devices q Format-Preserving Encryption 3

Triple DES Needed a replacement for DES theoretical attacks that can break DES exhaustive key search attacks have been demonstrated Advanced Encryption Standard is a new cipher alternative Alternative: use multiple encryption with DES Triple-DES is the chosen form 4

Why not Double DES? C = E(K 2,E(K 1,P)) P = D(K 1,D(K 2, C)) key length is 56 x 2 = 112 bits 5

Reduction to a Single Stage The possibility to find a key K 3 such that E(K 2, E(K 1,P)) = E(K 3,P) Then double DES will be reduced to single DES Encryption vs. mapping If two input blocks mapped to the same output block, impossible to recover the original message (decryption) DES defines one mapping for each different key Total number of mapping 6

Meet-in-the-Middle Attack The use of double DES results in a mapping that is not equivalent to a single DES encryption The meet-in-the-middle attack algorithm will attack this scheme and does not depend on any particular property of DES but will work against any block encryption cipher 7

Why not Double DES Meet-in-the-Middle Attack note: X = E(K 1,P) = D(K 2,C) 1. step: encrypt P with all keys K 1 and store X 2. step: decrypt C with all keys K 2 and match X values Attacks take O(2 56 ) steps, not much better than DES with O(2 55 ) Double DES uses a 112-bit key For a given plaintext P, the number of different 112-bit keys to produce a given ciphertext: 2 112 /2 64 = 2 48 About 2 48 false alarms on the first (P, C) pair With an additional 64 bits of known plaintext and ciphertext The false alarm rate is reduced to 2 48-64 = 2-16 8

Triple DES with Two-Keys Use 3 encryptions with 2 keys C = E(K 1,D(K 2,E(K 1,P))) P = D(K 1,E(K 2,D(K 1,C))) If K1=K2 then 3DES can decrypt single DES No current known practical attacks 9

Attacks on 3DES Brute-force: 2 112 Finding plaintext to produce first intermediate value of A=0 Using meet-in-the-middle on Double DES: 2 56 Requires 2 56 chosen plaintext-ciphertext pairs: impossible Known-plaintext attack Assume that we know a and C è attacks on Double DES Hard to know a Using potential a K 1 = i K 2 = j 10

Attacks on 3DES (cont d) 1. Obtain n (P, C) pairs 2. Pick an arbitrary value a for a, and create a second table (try 2 56 possible keys) P i = D(i,a) B = D(i,C) 3. With a number of candidate values of K 1, search for K 2 For each of the 2 56 possible keys K 2 = j, calculate B j = D(j,a) If matched, key pair (i, j) is one candidate 4. Test all candidate pairs of keys (i, j) to see if all plaintext-ciphertext pair succeed If not, repeat with a new value of a 11

Selecting the Value of a The probability of selecting a correct a: 1/2 64 Given n (P, C) pairs, the probability is n/2 64 Probability theory: N balls: n red balls, N-n green balls The expected number of draws to get one red ball: (N+1)/(n+1) The expected number of values of a that must be tried: The expected running time of the attack 12

13 First Red Ball from N Balls The expected number of draws to get one red ball out of a bin containing n red balls and N-n green balls: Derived from (arithmetic mean): Example: number of draws to get the first red ball out of 4 balls (2 red balls and 2 green balls): 1 1 + + n N 1 1 1 1 1 1 1 1 1 + + = + + + + = = n N i N n j N n j N i n N i i j 3 5 2 1 3 2 2 1 3 1 4 2 3 3 2 4 2 2 4 2 1 = + + = + +

Triple DES with Three-Keys Although no practical attacks on two-key Triple-DES Can use Triple-DES with three keys to avoid any doubts C = E(K 3,D(K 2,E(K 1,P))) Has been adopted by some Internet applications, eg PGP, S/MIME 14

Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES Mode for Block-Oriented Storage Devices q Format-Preserving Encryption 15

Modes of Operation Block ciphers encrypt fixed size blocks Eg. DES encrypts 64-bit blocks, with 56-bit key Need way to use in practice, given usually have arbitrary amount of information to encrypt Four were defined for DES in ANSI standard ANSI X3.106-1983 Modes of Use Subsequently now have 5 for DES and AES Have block and stream modes Block modes Splits messages in blocks (ECB, CBC) Stream modes On bit stream messages (CFB, OFB) 16

Modes of Operation Mode Description Typical Application Electronic Codebook (ECB) Each block of plaintext bits is encoded independently using the same key. Cipher Block Chaining (CBC) The input to the encryption algorithm is the XOR of the next block of plaintext and the preceding block of ciphertext. Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR) Input is processed s bits at a time. Preceding ciphertext is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with plaintext to produce next unit of ciphertext. Similar to CFB, except that the input to the encryption algorithm is the preceding encryption output, and full blocks are used. Each block of plaintext is XORed with an encrypted counter. The counter is incremented for each subsequent block. Secure transmission of single values (e.g., an encryption key) General-purpose blockoriented transmission Authentication General-purpose streamoriented transmission Authentication Stream-oriented transmission over noisy channel (e.g., satellite communication) General-purpose blockoriented transmission Useful for high-speed requirements 17

Electronic Codebook (ECB) 18

Electronic Codebook (ECB) Plaintext is encrypted in blocks of fixed size Possibly need padding at the end of message Each plaintext block is substituted with ciphertext block, like a codebook Blocks are encrypted independently Ci = DES(K, Pi) Disadvantage: structure in plaintext shows up in ciphertext if aligned with message block particularly with data such graphics or with messages that change very little, which become a code-book analysis problem equal blocks are encrypted as equal ciphertext blocks ciphertext blocks can be modified without detection Weakness due to encrypted message blocks being independent Main use: secure transmission of single values 19

Criteria to Compare with ECB 20

Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES Mode for Block-Oriented Storage Devices q Format-Preserving Encryption 21

Cipher Block Chaining (CBC) 22

Cipher Block Chaining (CBC) blocks are linked together in the encryption operation use Initial Vector (IV) to start process (needs to be known to sender and receiver) uses: bulk data encryption, authentication 23

Advantages and Limitations of CBC Each ciphertext block depends on all message blocks Thus a change in the message affects all ciphertext blocks after the change as well as the original block Need Initialization Vector (IV), nonce, known to sender & receiver However, if IV is sent in the clear, an attacker can change bits of the first block, and change IV to compensate Hence either IV must be a fixed value or it must be sent encrypted in ECB mode before rest of message At end of message, handle possible last short block By padding either with known non-data value (eg nulls) Or pad last block with count of pad size Eg. [ b1 b2 b3 0 0 0 0 5] <- 3 data bytes, then 5 bytes pad+count 24

Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES Mode for Block-Oriented Storage Devices q Format-Preserving Encryption 25

s-bit Cipher Feedback (CFB): Encryption 26

s-bit Cipher Feedback (CFB): Decryption 27

Cipher Feedback (CFB) Plaintext is treated as a stream of bits Appropriate when data arrives in bits/bytes Added to the output of the block cipher Result is feedback for next stage Standard allows any number of bits (1,8, 64...) to be feed back; denoted CFB-1, CFB-8, CFB-64 etc Is most efficient to use all 64 bits (CFB-64) Errors propagate for several blocks after the error Uses: stream data encryption, authentication 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback