Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Similar documents
Introduction to Cryptography. Lecture 3

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Double-DES, Triple-DES & Modes of Operation

SECRET KEY: STREAM CIPHERS & BLOCK CIPHERS

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Introduction to Cryptography. Lecture 3

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Chapter 6 Contemporary Symmetric Ciphers

Block Cipher Operation. CS 6313 Fall ASU

Content of this part

Network Security Essentials Chapter 2

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Chapter 3 Block Ciphers and the Data Encryption Standard

CSC 474/574 Information Systems Security

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Symmetric Encryption. Thierry Sans

Secret Key Cryptography

Modern Symmetric Block cipher

Cryptography and Network Security

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Information Security CS526

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

ECE 646 Lecture 8. Modes of operation of block ciphers

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Data Encryption Standard (DES)

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

3 Symmetric Cryptography

Chapter 6: Contemporary Symmetric Ciphers

IDEA, RC5. Modes of operation of block ciphers

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Lecture 4: Symmetric Key Encryption

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

CIS 4360 Secure Computer Systems Symmetric Cryptography

Cryptography III: Symmetric Ciphers

Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91

Solutions to exam in Cryptography December 17, 2013

CPSC 467b: Cryptography and Computer Security

Study Guide to Mideterm Exam

Practical Aspects of Modern Cryptography

CPSC 467: Cryptography and Computer Security

Geldy : A New Modification of Block Cipher

Symmetric key cryptography

Block Cipher Operation

Symmetric Encryption

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

7. Symmetric encryption. symmetric cryptography 1

1 Achieving IND-CPA security

Stream Ciphers and Block Ciphers

Lecture 3: Symmetric Key Encryption

The Rectangle Attack

Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage

Secret Key Cryptography (Spring 2004)

Using block ciphers 1

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Goals of Modern Cryptography

Stream Ciphers - RC4. F. Sozzani, G. Bertoni, L. Breveglieri. Foundations of Cryptography - RC4 pp. 1 / 16

CPSC 467b: Cryptography and Computer Security

Applied Cryptography Data Encryption Standard

Some Aspects of Block Ciphers

Winter 2011 Josh Benaloh Brian LaMacchia

Cryptography Functions

Network Security Essentials

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Computer Security CS 526

CSC574: Computer & Network Security

EEC-484/584 Computer Networks

Lecture 1 Applied Cryptography (Part 1)

Symmetric Encryption Algorithms

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

ECE 646 Fall 2009 Final Exam December 15, Multiple-choice test

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Block Cipher Modes of Operation

U-II BLOCK CIPHER ALGORITHMS

Introduction to Symmetric Cryptography

Lecture 2: Shared-Key Cryptography

Stream Ciphers. Stream Ciphers 1

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.

Computer Security 3/23/18

Crypto: Symmetric-Key Cryptography

Encryption Details COMP620

Computer and Data Security. Lecture 3 Block cipher and DES

Modes of Operation. Raj Jain. Washington University in St. Louis

Stream Ciphers An Overview

Introduction to cryptology (GBIN8U16)

Block Cipher Modes of Operation

CPSC 467: Cryptography and Computer Security

symmetric cryptography s642 computer security adam everspaugh

Jaap van Ginkel Security of Systems and Networks

Cryptography. Summer Term 2010

Private-Key Encryption

Symmetric Cryptography

AN ABSTRACT OF THE THESIS OF

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Information Security CS526

Lecture 4. Encryption Continued... Data Encryption Standard (DES)

Transcription:

Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers

Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function of the key and the first i-1 ciphertext bits. Combine the stream with the plaintext to produce the ciphertext (typically by XOR)

Example of Stream Encryption Key Stream Plaintext = Ciphertext

Example of Stream Decryption Key Stream Ciphertext = Plaintext

Real Cipher Streams Most pre-wwii machines German Enigma Linear Feedback Shift Register A5 encrypting GSM handset to base station communication RC-4 (Ron s Code)

Terminology Stream cipher is called synchronous if keystream does not depend on the plaintext (depends on key alone). Otherwise cipher is called asynchronous.

Current Example: RC-4 Part of the RC family Claimed by RSA as their IP Between 1987 and 1994 its internal was not revealed little analytic scrutiny Preferred export status Code released anonymously on the Internet Used in many systems: Lotus Notes, SSL, etc.

RC4 Properties Variable key size stream cipher with byte oriented operations. Based on using a random looking permutation. 8-16 machine operations per output byte. Very long cipher period (over 10 100 ). Widely believed to be secure. Used for encryption in SSL web protocol.

RC-4 Initialization 1. j=0 2. S 0 =0, S 1 =1,, S 255 =255 3. Let the key be k 0,,k 255 (repeating bits if necessary) 4. For i=0 to 255 j = (j + S i + k i ) mod 256 Swap S i and S j

RC-4 Key-stream Creation Generate an output byte B by: i = (i+1) mod 256 j = (j +S i ) mod 256 Swap S i and S j t = (S i + S j ) mod 256 B = S t B is XORed with next plaintext byte

Block Ciphers Encrypt a block of input to a block of output Typically, the two blocks are of the same length Most symmetric key systems block size is 64 In AES block size is 128 Different modes for encrypting plaintext longer than a block

Real World Block Ciphers DES, 3-DES AES (Rijndael) RC-2 RC-5 IDEA Blowfish, Cast Gost

ECB Mode Encryption (Electronic Code Book) P 1 P 2 P 3 E k E k E k C 1 C 2 C 3 encrypt each plaintext block separately

Properties of ECB Simple and efficient Parallel implementation possible Does not conceal plaintext patterns Active attacks are possible (plaintext can be easily manipulated by removing, repeating, or interchanging blocks).

CBC Mode Encryption (Cipher Block Chaining) S 0 P 1 P 2 P 3 E k E k E k C 1 C 2 C 3 Previous ciphertext is XORed with current plaintext before encrypting current block. An initialization vector S 0 is used as a seed for the process. Seed can be openly transmitted.

Properties of CBC Asynchronous stream cipher Errors in one ciphertext block propagate Conceals plaintext patterns No parallel implementation known Plaintext cannot be easily manipulated. Standard in most systems: SSL, IPSec etc.

OFB Mode (Output FeedBack) An initialization vector s 0 is use as a ``seed' for a sequence of data blocks s i

Properties of OFB Synchronous stream cipher Errors in ciphertext do not propagate Pre-processing is possible Conceals plaintext patterns No parallel implementation known Active attacks by manipulating plaintext are possible

AES Proposed Modes CTR (Counter) mode (OFB modification): Parallel implementation, offline preprocessing, provable security, simple and efficient OCB (Offset Codebook) mode - parallel implementation, offline preprocessing, provable security (under specific assumptions), authenticity

Strengthening a Given Cipher Design multiple key lengths AES Whitening - the DESX idea Iterated ciphers Triple DES (3-DES), triple IDEA and so on

Triple Cipher - Diagram P E k1 E k2 E k3 C

Iterated Ciphers Plaintext undergoes encryption repeatedly by underlying cipher Ideally, aach stage uses a different key In practice triple cipher is usually C= E k1 (E k2 (E k1 (P))) [EEE mode] or C= E k1 (D k2 (E k1 (P))) [EDE mode] EDE is more common in practice

Necessary Condition For some block ciphers iteration does not enhance security Example substitution cipher Consider a block cipher: blocks of size b bits, and key of size k The number of all possible functions mapping b bits to b bits is (2 b ) 2b

Necessary Condition (cont.) The number of all possible encryption functions (bijections) is 2 b! The number of encryption functions in our cipher is at most 2 k. Claim: The bijections are a group G under the operation (composition) Claim: If the encryptions of a cipher form a subgroup of G then iterated cipher does not increases security.

Meet in the Middle Attack Double ciphers are rarely used due to this attack Attack requires Known plaintext 2 k+1 encryptions and decryptions k 2 k storage space A square root of trivial attacking time at the expense of storage

Meet in the Middle (cont.) Given a plaintext-ciphertext pair (p,c) Compute & store the table of D k2 (c) for all k 2 takes 2 k decryptions, k 2 k storage. For every k 1, test if E k1 (p) is in table Every hit gives a possible k 1,k 2 pair May have to repeat several times Meet in the middle is applicable to any iterated cipher, reducing the trivial processing time by 2 k encryptions

Two or Three Keys Sometimes only two keys are used in 3- DES Identical key must be at beginning and end Legal advantage (export license) due to smaller overall key size Used as a KEK in the BPI protocol which secures the DOCSIS cable modem standard

Some Group Theory

Sub-groups Let (G, ) be a group. (H, ) is a sub-group of (G, ) if it is a group, and H G Claim: If G is finite and (H, ) is closed, then (H, ) is a sub-group of (G, ). Examples Lagrange theorem: if G is finite and (H, ) is a sub-group of (G, ) then H divides G

Order of Elements Let a n denote a,, a n times We say that a is of order n if a n =1, and for any m<n, a m 1 Examples Euler theorem: in the multiplicative group of Z n any element is of order at most φ(n)

Adversary s Goals Final goal: recover key Intermediate goals: Reduce key space Discover plaintext patterns Rec over portions of plaintext Change ciphertext to produce meaningful plaintext, without breaking the system (active attack)

Generic Attacks Exhaustive search Type: ciphertext only Time: 2 k decryptions per ciphertext Storage: constant Table lookup Type: chosen plaintext Time: offline 2 k decryptions, online constant Storage: 2 k ciphertexts

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback