Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General Considerations:

Similar documents
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:

Secret Key Cryptography

CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms

AIT 682: Network and Systems Security

Secret Key Cryptography

Cryptography Functions

Data Encryption Standard (DES)

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CSCE 813 Internet Security Symmetric Cryptography

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Introduction. Secret Key Cryptography. Outline. Secrets? (Cont d) Secret Keys or Secret Algorithms? Introductory Remarks Feistel Cipher DES AES

Computational Security, Stream and Block Cipher Functions

P2_L6 Symmetric Encryption Page 1

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Encryption Details COMP620

Applied Cryptography Data Encryption Standard

Symmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.

Symmetric Key Cryptography

Modern Symmetric Block cipher

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

7. Symmetric encryption. symmetric cryptography 1

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Cryptography and Network Security

Cryptographic Algorithms - AES

CSC 474/574 Information Systems Security

Computer Security 3/23/18

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

Content of this part

Secret Key Cryptography Overview

Block Encryption and DES

CHAPTER 1 INTRODUCTION

CIS 6930/4930 Computer and Network Security. Project requirements

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

Chapter 6: Contemporary Symmetric Ciphers

Lecture 3: Symmetric Key Encryption

ENEE 459-C Computer Security. Symmetric key encryption in practice: DES and AES algorithms

Computer and Data Security. Lecture 3 Block cipher and DES

Goals for Today. Substitution Permutation Ciphers. Substitution Permutation stages. Encryption Details 8/24/2010

Lecture 4: Symmetric Key Encryption

CENG 520 Lecture Note III

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

Symmetric Encryption. Thierry Sans

CSc 466/566. Computer Security. 6 : Cryptography Symmetric Key

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Lecture 4. Encryption Continued... Data Encryption Standard (DES)

CPSC 467b: Cryptography and Computer Security

Secret Key Algorithms (DES)

FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed

CPSC 467b: Cryptography and Computer Security

Few Other Cryptanalytic Techniques

Symmetric Cryptography

Week 5: Advanced Encryption Standard. Click

Introduction to Modern Symmetric-Key Ciphers

ENEE 457: Computer Systems Security 09/12/16. Lecture 4 Symmetric Key Encryption II: Security Definitions and Practical Constructions

Symmetric key cryptography

HOST Cryptography III ECE 525 ECE UNM 1 (1/18/18)

Introduction to the new AES Standard: Rijndael

Symmetric Cryptography CS461/ECE422

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Cryptography 2017 Lecture 3

L3: Basic Cryptography II. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Block Ciphers and Stream Ciphers. Block Ciphers. Stream Ciphers. Block Ciphers

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Assignment 3: Block Ciphers

Chapter 7 Advanced Encryption Standard (AES) 7.1

Lecture 5. Encryption Continued... Why not 2-DES?

Crypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion

Symmetric Encryption Algorithms

SOLUTIONS FOR HOMEWORK # 1 ANSWERS TO QUESTIONS

Content of this part

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Chapter 3 Block Ciphers and the Data Encryption Standard

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016

Improved Truncated Differential Attacks on SAFER

Cryptography and Network Security. Sixth Edition by William Stallings

Network Security Essentials Chapter 2

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

FPGA Based Design of AES with Masked S-Box for Enhanced Security

Network Security Essentials

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

FAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD. G. Bertoni, L. Breveglieri, I. Koren and V. Piuri

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Symmetric Cryptography. CS4264 Fall 2016

IDEA, RC5. Modes of operation of block ciphers

Block Cipher Operation. CS 6313 Fall ASU

Fundamentals of Cryptography

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

Linear Cryptanalysis of Reduced Round Serpent

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018

3 Symmetric Cryptography

A Chosen-key Distinguishing Attack on Phelix

SECRET KEY: STREAM CIPHERS & BLOCK CIPHERS

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

BLOWFISH ALGORITHM ON ITS OWN CLOUD COMPUTER PERFORMANCE AND IMPLEMENTATION

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

Cryptography and Network Security

Transcription:

Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General Considerations:

Secret Key Systems Encrypting a small block of text (say 64 bits) General Considerations: 1. Encrypted data should look random. As though someone flipped a fair coin 64 times and heads means 1 and tails 0. Any change in one bit of output corresponds to a huge change in the input (bits are uncorrelated). Should be about as many 1's as 0's usually.

Secret Key Systems Encrypting a small block of text (say 64 bits) General Considerations: 1. Encrypted data should look random. As though someone flipped a fair coin 64 times and heads means 1 and tails 0. Any change in one bit of output corresponds to a huge change in the input (bits are uncorrelated). Should be about as many 1's as 0's usually. 2. Crypto algorithms try to spread the influence of each input bit to all output bits and change in one input bit should have 50% chance of changing any of the output bits (hence many rounds).

Secret Key Systems Encrypting a small block of text (say 64 bits) General Considerations: 1. Encrypted data should look random. As though someone flipped a fair coin 64 times and heads means 1 and tails 0. Any change in one bit of output corresponds to a huge change in the input (bits are uncorrelated). Should be about as many 1's as 0's usually. 2. Crypto algorithms try to spread the influence of each input bit to all output bits and change in one input bit should have 50% chance of changing any of the output bits (hence many rounds). 3. Operations should be invertable hence xor and table lookup. Use of one key for both encryption and decryption.

Secret Key Systems Encrypting a small block of text (say 64 bits) General Considerations: 1. Encrypted data should look random. As though someone flipped a fair coin 64 times and heads means 1 and tails 0. Any change in one bit of output corresponds to a huge change in the input (bits are uncorrelated). Should be about as many 1's as 0's usually. 2. Crypto algorithms try to spread the influence of each input bit to all output bits and change in one input bit should have 50% chance of changing any of the output bits (hence many rounds). 3. Operations should be invertable hence xor and table lookup. Use of one key for both encryption and decryption. 4. Attacks may be mitigated if they rely on operations that are not efficiently implemented in hardware yet allow normal operation to complete efficiently, even in software (e.g. permute).

Secret Key Systems - DES IBM/NSA 1977-64 bit blocks, 56 bit key, 8 bits parity 64 bit input block 32 bit L i 32 bit R i Encryption Round Mangler Function K i 32 bit L i+1 32 bit R i+1 64 bit output block

Secret Key Systems - DES IBM/NSA 1977-64 bit blocks, 56 bit key, 8 bits parity 64 bit input block 64 bit output block 32 bit L i 32 bit R i 32 bit L i 32 bit R i Encryption Round Mangler Function K n Decryption Round Mangler Function K n 32 bit L i+1 32 bit R i+1 32 bit L i+1 32 bit R i+1 64 bit output block 64 bit input block

Secret Key Systems - DES Generating per round keys K 2 6 from the 56 bit Key + 8 parity bits Key bits: 18 916 1724 2532 3340 4148 4956 5764

Secret Key Systems - DES Generating per round keys K 2 6 from the 56 bit Key + 8 parity bits Key bits: 18 916 1724 2532 3340 4148 4956 5764 C 0 : 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 60 52 44 36 D 0 : 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4

Secret Key Systems - DES Generating per round keys K 2 6 from the 56 bit Key + 8 parity bits Key bits: 18 916 1724 2532 3340 4148 4956 5764 C 0 : 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 60 52 44 36 D 0 : 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4 Each round: K i has 48 bits assembled in 2 halves permuted from 24 bits each of C i and D i, K i+1 is obtained by rotating C i and D i left to form C i+1 and D i+1 (rotation is 1 bit for rounds 1,2,9,16 and 2 bits for other rounds)

Secret Key Systems - DES Generating per round keys K 2 6 from the 56 bit Key + 8 parity bits Key bits: 18 916 1724 2532 3340 4148 4956 5764 C 0 : 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 60 52 44 36 D 0 : 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4 Each round: K i has 48 bits assembled in 2 halves permuted from 24 bits each of C i and D i, K i+1 is obtained by rotating C i and D i left to form C i+1 and D i+1 (rotation is 1 bit for rounds 1,2,9,16 and 2 bits for other rounds) Permutations: Left half C i : (9,18,22,25 are missing) 14 17 11 24 1 5 3 28 15 6 21 10 23 19 12 4 26 8 16 7 27 20 13 2 Right half D i : (35,38,43,54 are missing) 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32

Secret Key Systems - DES The Mangler function: mixes 32 bit input with 48 bit key to produce 32 bits 32 bit R i Mangler Function K i 32 bit R i+1

Secret Key Systems - DES The Mangler function: mixes 32 bit input with 48 bit key to produce 32 bits 32 bit R i 1. Expansion of input bits: Mangler Function K i 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 32 bit R i+1

Secret Key Systems - DES The Mangler function: mixes 32 bit input with 48 bit key to produce 32 bits 32 bit R i 1. Expansion of input bits: Mangler Function K i 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits R i (32 bits) 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 32 bit R i+1

Secret Key Systems - DES The Mangler function: mixes 32 bit input with 48 bit key to produce 32 bits 32 bit R i 1. Expansion of input bits: Mangler Function 32 bit R i+1 K i 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits Expanded input (48 bits) 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits K i (48 bits) R i (32 bits)

Secret Key Systems - DES The Mangler function: mixes 32 bit input with 48 bit key to produce 32 bits 32 bit R i 1. Expansion of input bits: Mangler Function K i 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits R i (32 bits) 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits Expanded input (48 bits) 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 32 bit R i+1 6 bits K i (48 bits) 2. Mixing with key: S Box i 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits

Secret Key Systems - DES The Mangler function: mixes 32 bit input with 48 bit key to produce 32 bits 32 bit R i 1. Expansion of input bits: Mangler Function K i 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits R i (32 bits) 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits Expanded input (48 bits) 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 6 bits 32 bit R i+1 6 bits K i (48 bits) 2. Mixing with key: S Box i 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits 4 bits R i+1 (32 bits)

Secret Key Systems - DES The S Box: maps 6 bit blocks to 4 bit sections S Box 1 (first 6 bits): Input bits 2,3,4,5 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111 00 1110 0100 1101 0001 0010 1111 1011 1000 0011 1010 0110 1100 0101 1001 0000 0111 01 0000 1111 0111 0100 1110 0010 1101 0001 1010 0110 1100 1011 1001 0101 0011 1000 10 0100 0001 1110 1000 1101 0110 0010 1011 1111 1100 1001 0111 0011 1010 0101 0000 11 1111 1100 1000 0010 0100 1001 0001 0111 0101 1011 0011 1110 1010 0000 0110 1101 Input bits 1 and 6 Final permutation: 16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25

Secret Key Systems - DES Weak and semi-weak keys: If key is such that C 0 or D 0 are: 1) all 0s; 2) all 1s; 3) alternating 1s and 0s, then attack is easy. There are 16 such keys. Keys for which C 0 and D 0 are both 0 or both 1 are called weak (encrypting with key gives same result as decrypting).

Secret Key Systems - DES Weak and semi-weak keys: If key is such that C 0 or D 0 are: 1) all 0s; 2) all 1s; 3) alternating 1s and 0s, then attack is easy. There are 16 such keys. Keys for which C 0 and D 0 are both 0 or both 1 are called weak (encrypting with key gives same result as decrypting). Discussion: 1. Not much known about the design not made public Probably attempt to prevent known attacks 2. Changing S-Boxes has resulted in provably weaker system

Two keys and K 2 : Secret Key Systems - 3DES K 2 K 2 m E D E c encryption c D E D m decryption

Two keys and K 2 : Secret Key Systems - 3DES K 2 K 2 m E D E c encryption c D E D m decryption Why not 2DES 1. Double encryption with the same key still requires searching 2 56 keys

Two keys and K 2 : Secret Key Systems - 3DES K 2 K 2 m E D E c encryption c D E D m decryption Why not 2DES 1. Double encryption with the same key still requires searching 2 56 keys 2. Double encryption with two different keys is just as vulnerable as DES due to the following, assuming some <m,c> pairs are known:

Two keys and K 2 : Secret Key Systems - 3DES K 2 K 2 m E D E c encryption c D E D m decryption Why not 2DES 1. Double encryption with the same key still requires searching 2 56 keys 2. Double encryption with two different keys is just as vulnerable as DES due to the following, assuming some <m,c> pairs are known: 56{ m: E(, m) 101010 1000011 2 100010 0101111 001011 0001101

Two keys and K 2 : Secret Key Systems - 3DES K 2 K 2 m E D E c encryption c D E D m decryption Why not 2DES 1. Double encryption with the same key still requires searching 2 56 keys 2. Double encryption with two different keys is just as vulnerable as DES due to the following, assuming some <m,c> pairs are known: 2 56{ m: E(, m) 101010 1000011 100010 0101111 001011 0001101 2 56{ c: K 2 D(K 2, c) 101110 0001101 001110 1000011 001011 0001101

Two keys and K 2 : Secret Key Systems - 3DES K 2 K 2 m E D E c encryption c D E D m decryption Why not 2DES 1. Double encryption with the same key still requires searching 2 56 keys 2. Double encryption with two different keys is just as vulnerable as DES due to the following, assuming some <m,c> pairs are known: 2 56{ m: E(, m) 101010 1000011 100010 0101111 001011 0001101 2 56{ c: K 2 D(K 2, c) 101110 0001101 001110 1000011 001011 0001101

Two keys and K 2 : Secret Key Systems - 3DES K 2 K 2 m E D E c encryption c D E D m decryption Why not 2DES 1. Double encryption with the same key still requires searching 2 56 keys 2. Double encryption with two different keys is just as vulnerable as DES due to the following, assuming some <m,c> pairs are known: 2 56{ m: E(, m) 101010 1000011 100010 0101111 001011 0001101 56{ c: K 2 D(K 2, c) Test matches on 101110 0001101 other <m,c> pairs 2 m E(K 001110 1000011 1,m) D(K 001011 0001101 2,c) c

Secret Key Systems - 3DES Why not 2DES 2. Double encryption with two different keys is just as vulnerable as DES due to the following, assuming some <m,c> pairs are known: How many <m,c> pairs do you need? 2 64 possible blocks 2 56 table entries each block has probability 2-8 = 1/256 of showing in a table probability a block is in both tables is 2-16 average number of matches is 2 48 average number of matches for two <m,c> pairs is about 2 32 for three <m,c> pairs is about 2 16 for four <m,c> pairs is about 2 0 3. Triple encryption with two different keys - 112 bits of key is considered enough - straightforward to find a triple of keys that maps a given plaintext to a given ciphertext (no known attack with 2 keys) - EDE: use same keys to get DES, EEE: effect of permutations lost

CBC with 3DES: Secret Key Systems - 3DES m i m i+1 m i m i+1 E E E E K 2 D D K 2 D D E E c i c i+1 E E outside c i c i+1 inside

Secret Key Systems - 3DES CBC with 3DES: 1. On the outside same attack as with CBC change a block with side effect of garbling another 2. On the inside attempt at changing a block results in all block garbled to the end of the message. 3. On the inside use three times as much hardware to pipeline encryptions resulting in DES speeds. 4. On the outside EDE simply is a drop-in replacement for what might have been there before.

Secret Key Systems - IDEA ETH Zuria 1991-64 bit blocks, 128 bit key, 0 bits parity: 64 bit input block Odd Encryption Round 16 bit X i,a 16 bit X i,b 16 bit X i,c 16 bit X i,d Multiplication mod 2 16 +1. 0 is K K i,a i,a K i,a K i,a treated as 2 16 (invertible) 16 bit X i+1,a 16 bit X i+1,b 16 bit X i+1,c 16 bit X i+1,d Addition but throw away carries 64 bit output block

Secret Key Systems - IDEA ETH Zuria 1991-64 bit blocks, 128 bit key, 0 bits parity: 64 bit input block Even Encryption Round 16 bit X i,a 16 bit X i,b 16 bit X i,c 16 bit X i,d Mangler Function Ki,e K i,f 16 bit X i+1,a 16 bit X i+1,b 16 bit X i+1,c 16 bit X i+1,d Y in = X i,a X i,b Z in = X i,c X i,d Y out = ((K i,e Y in ) Z in K i,f Z out = (K i,e Y in ) Y out X i+1,a = X i,a Y out X i+1,b = X i,b Y out X i+1,c = X i,c Z out X i+1,d = X i,d Z out 64 bit output block

Secret Key Systems - IDEA Key generation 52 16 bit keys needed (2 per even round 4 per odd): 128 bit key,a,b,c,d K 2,e K 2,f K 3,a K 3,b

Secret Key Systems - IDEA Key generation 52 16 bit keys needed (2 per even round 4 per odd): 128 bit key,a,b,c,d K 2,e K 2,f K 3,a K 3,b 128 bit key 128 bit key K 3,c K 3,d K 4,e K 4,f K 5,a K 5,b K 5,c K 5,d 25 bits

Secret Key Systems - AES NIST (2001) parameterized key size (128 bits to 256 bits) 4N b octet inp 4N k octet key a 0,0 a 0,5 k 0,0 k 0,3 a 1,0 a 2,0 a 1,5 a 2,5 k 1,0 k 2,0 k 1,3 k 2,3 a 3,0 a 3,5 k 3,0 k 3,3 key expansion K 0 round 1

Secret Key Systems - AES 1. Byte Substitution via S-box - the transformation is invertable a 0,0 a 0,5 b 0,0 b 0,5 a 1,0 a 2,0 a 1,5 a 2,5 b 1,0 b 2,0 b 1,5 b 2,5 a 3,0 a 3,5 b 3,0 b 3,5

Secret Key Systems - AES 1. Byte Substitution via S-box - the transformation is invertable a 0,0 a 0,5 b 0,0 b 0,5 a 1,0 a 2,0 a 1,5 a 2,5 b 1,0 b 2,0 b 1,5 b 2,5 a 3,0 a 3,5 b 3,0 b 3,5 A byte as a polynomial: b 7 x 7 +b 6 x 6 +b 5 x 5 +b 4 x 4 +b 3 x 3 +b 2 x 2 +b 1 x 1 +b 0, b i {0,1}

Secret Key Systems - AES 1. Byte Substitution via S-box - the transformation is invertable a 0,0 a 0,5 b 0,0 b 0,5 a 1,0 a 2,0 a 1,5 a 2,5 b 1,0 b 2,0 b 1,5 b 2,5 a 3,0 a 3,5 b 3,0 b 3,5 A byte as a polynomial: b 7 x 7 +b 6 x 6 +b 5 x 5 +b 4 x 4 +b 3 x 3 +b 2 x 2 +b 1 x 1 +b 0, b i {0,1} Addition: (x 6 +x 4 +x 2 +x 1 +1) + (x 7 +x 1 +1) = x 7 +x 6 +x 4 +x 2 (exclusive or)

Secret Key Systems - AES 1. Byte Substitution via S-box - the transformation is invertable a 0,0 a 0,5 b 0,0 b 0,5 a 1,0 a 2,0 a 1,5 a 2,5 b 1,0 b 2,0 b 1,5 b 2,5 a 3,0 a 3,5 b 3,0 b 3,5 A byte as a polynomial: b 7 x 7 +b 6 x 6 +b 5 x 5 +b 4 x 4 +b 3 x 3 +b 2 x 2 +b 1 x 1 +b 0, b i {0,1} Addition: (x 6 +x 4 +x 2 +x 1 +1) + (x 7 +x 1 +1) = x 7 +x 6 +x 4 +x 2 (exclusive or) Multiplication: (x 6 +x 4 +x 2 +x 1 +1)*(x 7 +x 1 +1) = x 13 +x 11 +x 9 +x 8 +x 6 +x 5 +x 4 +x 3 +x 1 +1

Secret Key Systems - AES 1. Byte Substitution via S-box - the transformation is invertable a 0,0 a 0,5 b 0,0 b 0,5 a 1,0 a 2,0 a 1,5 a 2,5 b 1,0 b 2,0 b 1,5 b 2,5 a 3,0 a 3,5 b 3,0 b 3,5 A byte as a polynomial: b 7 x 7 +b 6 x 6 +b 5 x 5 +b 4 x 4 +b 3 x 3 +b 2 x 2 +b 1 x 1 +b 0, b i {0,1} Addition: (x 6 +x 4 +x 2 +x 1 +1) + (x 7 +x 1 +1) = x 7 +x 6 +x 4 +x 2 (exclusive or) Multiplication: (x 6 +x 4 +x 2 +x 1 +1)*(x 7 +x 1 +1) = x 13 +x 11 +x 9 +x 8 +x 6 +x 5 +x 4 +x 3 +x 1 +1 Irreducible polynomial: m(x) = x 8 +x 4 +x 3 +x 1 +1

Secret Key Systems - AES 1. Byte Substitution via S-box - the transformation is invertable a 0,0 a 0,5 b 0,0 b 0,5 a 1,0 a 2,0 a 1,5 a 2,5 b 1,0 b 2,0 b 1,5 b 2,5 a 3,0 a 3,5 b 3,0 b 3,5 A byte as a polynomial: b 7 x 7 +b 6 x 6 +b 5 x 5 +b 4 x 4 +b 3 x 3 +b 2 x 2 +b 1 x 1 +b 0, b i {0,1} Addition: (x 6 +x 4 +x 2 +x 1 +1) + (x 7 +x 1 +1) = x 7 +x 6 +x 4 +x 2 (exclusive or) Multiplication: (x 6 +x 4 +x 2 +x 1 +1)*(x 7 +x 1 +1) = x 13 +x 11 +x 9 +x 8 +x 6 +x 5 +x 4 +x 3 +x 1 +1 Irreducible polynomial: m(x) = x 8 +x 4 +x 3 +x 1 +1 Multiplication mod m(x): (x 6 +x 4 +x 2 +x 1 +1)*(x 7 +x 1 +1) mod m(x) = x 7 +x 6 +1

Secret Key Systems - AES 1. Byte Substitution via S-box - the transformation is invertable a 0,0 a 0,5 b 0,0 b 0,5 a 1,0 a 2,0 a 1,5 a 2,5 b 1,0 b 2,0 b 1,5 b 2,5 a 3,0 a 3,5 b 3,0 b 3,5 A byte as a polynomial: b 7 x 7 +b 6 x 6 +b 5 x 5 +b 4 x 4 +b 3 x 3 +b 2 x 2 +b 1 x 1 +b 0, b i {0,1} Addition: (x 6 +x 4 +x 2 +x 1 +1) + (x 7 +x 1 +1) = x 7 +x 6 +x 4 +x 2 (exclusive or) Multiplication: (x 6 +x 4 +x 2 +x 1 +1)*(x 7 +x 1 +1) = x 13 +x 11 +x 9 +x 8 +x 6 +x 5 +x 4 +x 3 +x 1 +1 Irreducible polynomial: m(x) = x 8 +x 4 +x 3 +x 1 +1 Multiplication mod m(x): (x 6 +x 4 +x 2 +x 1 +1)*(x 7 +x 1 +1) mod m(x) = x 7 +x 6 +1 Use Euclid's algorithm to compute, for any b(x): b(x)*a(x) + c(x)*m(x) = 1 That is, b(x) and a(x) are inverses modulo m(x): b -1 (x) = a(x) mod m(x) This defines the S-box.

2. Row shift (cycle, left) Secret Key Systems - AES b 0,0 b 0,5 b 0,0 b 0,5 b 1,0 b 2,0 b 1,5 b 2,5 b 1,1 b 2,2 b 1,0 b 2,1 b 3,0 b 3,5 b 3,3 b 3,2 N b Row 1 2 3 4 1 2 3 6 1 2 3 8 1 3 4

Secret Key Systems - AES 3. Mixed Column Transformation constants are 8 bits now E: b 0,0 b 0,5 02 03 01 01 b 1,0 b 2,0 b 3,0 c 0,0 b 1,5 c 1,0 b 2,5 c 2,0 b 3,5 c 3,0 c 0,5 c 1,5 c 2,5 c 3,5 01 02 03 01 01 01 02 03 03 01 01 02 Let e(x) = e 3 x 3 +e 2 x 2 +e 1 x 1 +e 0, where e 3 =0x03, e 2 =e 1 =0x01, e 0 =0x02 Then c(x) = e(x)*b(x) mod x 4 +1, multiplication obtained via E*b

Secret Key Systems - AES 4. Round Key Addition (that is, exclusive or) c 0,0 c 0,5 d 0,0 d 0,5 c 1,0 c 2,0 c 1,5 c 2,5 d 1,0 d 2,0 d 1,5 d 2,5 c 3,0 c 3,5 d 3,0 d 3,5 k 0,0 k 1,0 k 2,0 k 0,5 k 1,5 k 2,5 k 3,0 k 3,5 Number of round key bits = blck_lngth*(rnds+1) (e.g. 128bit, 10rnds = 1408) Taken from expansion of cipher key Let's forget about the expansion right now

Key Schedule example for N b =6 Secret Key Systems - AES W 0 W 1 W 5 W 6 W 11 1 st round 2 nd round 3 rd round

Notes: Secret Key Systems - AES 1. Many operations are table look ups so they are fast 2. Parallelism can be exploited 3. Key expansion only needs to be done one time until the key is changed 4. The S-box minimizes the correlation between input and output bits

Secret Key Systems - AES Number of rounds N k N b 4 6 8 4 10 12 14 6 12 12 14 8 14 14 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback