ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos


Abstract. In this lecture we analyze the security properties of DES and present the AES cryptosystem.

1 On the Security of DES

1.1 The Avalanche Effect

For any encryption/decryption algorithm, a desirable property is that a small change in either the plaintext or the key should result in a significant change in the produced ciphertext (WHY?). DES indeed exhibits a strong avalanche effect. The avalanche effect can be illustrated by considering the following two experiments:

Experiment 1

Pick two plaintexts that differ in only one bit. Encrypt both plaintexts with the same key. XOR the two ciphertexts and count the number of ones.

Example:

x_1 = 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000,
x_2 = 10000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000,

and

K = 00000001 1001011 0100100 11000100 0011100 0011000 0011100 0110010,

yields two ciphertexts that differ in 35 bits after the third round in DES, and a final difference of 34 bits after all 16 rounds have been executed.

Experiment 2

Pick two keys that differ in only one bit. Encrypt the same plaintext using the two different keys. XOR the two ciphertexts and count the number of ones.

Example:

x = 01101000 10000101 00101111 01111010 000010011 01110110 11101011 10100100,

and

K_1 = 1110010 1111011 1101111 0011000 0011101 0000100 0110001 1101100,
K_2 = 0110010 1111011 1101111 0011000 0011101 0000100 0110001 1101100,

yields two ciphertexts that differ in 26 bits after the third round in DES, and a final difference of 35 bits after all 16 rounds have been executed.

ECE 596C: Cryptography for Secure Communications with Applications to Network Security

1.2 The strength of 56-Bit keys

With a key length of 56 bits, there are $2^{56}$ possible keys, i.e. approximately $7.2 \times 10^{16}$ keys. With today's technology, breaking a DES encryption via brute-force attack has been proved feasible.

In 1998 the Electronic Frontier Foundation (EFF) developed a DES cracker worth a quarter million dollars, that broke DES in 56 hours. The DES cracker searched 88 billion keys per second.

In 1999, DES was cracked within 22 hours and 15 minutes by using the idle cycles of 100,000 networked computers worldwide. The network was capable of searching 245 billion keys per second.

In 2007, researchers from Germany developed an FPGA-based machine called COPACOBANA, built from off-the-shelf components, that can break a DES encryption in 6.4 days (on average).

Given the short key length, the DES scheme cannot be considered secure. However, note that the adversary must have an estimate of the plaintext to perform a brute-force attack. Without plaintext knowledge or a plaintext estimate, it is not possible to determine when the right DES key is found.

2 The AES Standard

The Advanced Encryption Standard (AES) was adopted by NIST in December of 2001. It was designed by two Belgian scientists, Rijmen and Daemen (it is also known as the Rijndael cipher). It has been adopted by the US government as the default encryption cipher, wherever encryption is required (details can be found at http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf).

2.1 Description of the cipher

The AES is a block cipher with a block length of 128 bits (as opposed to 64 bits in DES). It can operate with three different key lengths: 128 bits, 192 bits and 256 bits. Like DES, it is also an iterative cipher, with a number of rounds that depends on the key length: 10 rounds for a key length of 128 bits, 12 rounds for a key length of 192 bits and 14 rounds for a key length of 256 bits.

In AES, all operations are performed on a byte basis. Blocks of 128 bits are split into 16 bytes, which are organized into 4x4 arrays, also referred to as states. The following operations take place:

Key Expansion using Rijndael's key schedule

Initial Round
1. AddRoundKey

Nr − 1 Rounds
1. SubBytes: a non-linear substitution step where each byte is replaced with another according to a lookup table.
2. ShiftRows: a transposition step where each row of the state is left-shifted cyclically a number of steps equal to the row number.
3. MixColumns: a mixing operation which operates on the columns of the state, combining the four bytes in each column.
4. AddRoundKey: each byte of the state is XORed with the round key.

Final round
1. SubBytes
2. ShiftRows
3. AddRoundKey

2.2 The SubBytes transformation

This is a typical S-box lookup table operation. For example, if $s_{1,1} = \{53\}$, then the substitution value would be determined by the intersection of the row with index 5 and the column with index 3 in Fig. 7. This would result in $s'_{1,1} = \{ed\}$.

Fig. 1. The SubBytes transformation.

Fig. 2. The SubBytes lookup table.

2.3 The ShiftRows Transformation

In the ShiftRows transformation, the bytes in each row of the state are cyclically shifted over a number of bytes equal to the row number.

Fig. 3. The ShiftRows transformation.

2.4 The MixColumns Transformation

The MixColumns transformation operates on the state column by column, treating each column as a four-term polynomial over $GF(2^8)$, which is multiplied modulo $x^4 + 1$ with a fixed polynomial $a(x)$.

Fig. 4. The MixColumns transformation.

2.5 Key Expansion

The AES algorithm takes the cipher key K and expands it to generate a key schedule. The total number of keys generated is equal to (Nr + 1), each of which is 16 bytes long. The key scheduling is word oriented, with each word consisting of 4 bytes. For a 10-round AES, we need a total of 11*4 = 44 words to be generated from an initial key of 4 words.

Algorithm 1 Key Expansion Algorithm

    INPUT K
    RCon[1] ← 01000000
    RCon[2] ← 02000000
    RCon[3] ← 04000000
    RCon[4] ← 08000000
    RCon[5] ← 10000000
    RCon[6] ← 20000000
    RCon[7] ← 40000000
    RCon[8] ← 80000000
    RCon[9] ← 1B000000
    RCon[10] ← 36000000
    for i ← 0 to 3 do
        w[i] ← (key[4i], key[4i+1], key[4i+2], key[4i+3])
    end for
    for i ← 4 to 43 do
        temp ← w[i − 1]
        if i ≡ 0 (mod 4) then
            temp ← SubWord(RotWord(temp)) ⊕ RCon[i/4]
        end if
        w[i] ← w[i − 4] ⊕ temp
    end for
    return (w[0], ..., w[43])

Key Expansion transformations:

SubWord: transformation that takes a four-byte input word and applies the S-box to each of the four bytes to produce an output word.

RotWord: transformation that takes a word [a_0, a_1, a_2, a_3] as input, performs a cyclic permutation, and returns the word [a_1, a_2, a_3, a_0].

RCon[i]: a constant array of ten words.

2.6 Example

Key, K = 66 50 3c 41 67 22 63 46 25 77 5d 27 26 55 3c 7a

w[0] = 66 50 3c 41, w[1] = 67 22 63 46, w[2] = 25 77 5d 27, w[3] = 26 55 3c 7a

For i = 4, temp = w[3] = 26 55 3c 7a. Because i ≡ 0 (mod 4),

    temp ← SubWord(RotWord(temp)) ⊕ RCon[1]
    temp ← 55 3c 7a 26 ⊕ 01 00 00 00 = 54 3c 7a 26
    w[4] ← w[0] ⊕ temp = 66 50 3c 41 ⊕ 54 3c 7a 26 = 32 6c 46 67

For i = 5, temp = w[4] = 32 6c 46 67.

    w[5] ← w[1] ⊕ w[4] = 67 22 63 46 ⊕ 32 6c 46 67 = 55 4e 25 21
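Algorithm 1 for a 128-bit key, as an added Python example that is not part of the original handout; the function names are chosen here, and the S-box is computed from its FIPS-197 definition (inverse in GF(2^8) followed by the affine map) rather than typed in as the table of Fig. 2. Because it applies SubWord as Algorithm 1 specifies, it gives w[4] = 9b bb e6 b6 for the key of Section 2.6, whereas the arithmetic printed there XORs RotWord(temp) with RCon[1] without the S-box lookup.

```python
def gmul(a, b):
    # Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B).
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def sbox_entry(a):
    # Multiplicative inverse in GF(2^8) (0 maps to 0), then the affine map.
    inv = next((x for x in range(1, 256) if gmul(a, x) == 1), 0)
    return inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63

SBOX = [sbox_entry(a) for a in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def rot_word(w):
    # [a0, a1, a2, a3] -> [a1, a2, a3, a0] on a 32-bit big-endian word.
    return ((w << 8) | (w >> 24)) & 0xFFFFFFFF

def sub_word(w):
    return int.from_bytes(bytes(SBOX[b] for b in w.to_bytes(4, "big")), "big")

def expand_key_128(key):
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(4)]
    for i in range(4, 44):
        temp = w[i - 1]
        if i % 4 == 0:
            temp = sub_word(rot_word(temp)) ^ (RCON[i // 4 - 1] << 24)
        w.append(w[i - 4] ^ temp)
    return w

# Key from Section 2.6 of the handout.
HANDOUT_KEY = bytes.fromhex("66503c416722634625775d2726553c7a")
```

`expand_key_128(HANDOUT_KEY)` returns the 44 words w[0], ..., w[43] as 32-bit integers; every group of four consecutive words is one round key.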

3 Modes of operation

DES has four modes of operation that were standardized in 1980. These modes can be used with minor modifications with any block cipher. A brief description of the four modes of operation is outlined as follows.

3.1 Electronic Codebook Mode (ECB)

Each plaintext block is encrypted with the same key K, producing a sequence of ciphertext blocks. Identical plaintext blocks yield identical ciphertext blocks. What is the vulnerability of an ECB mode of operation? Do you see any advantage in using the ECB mode of operation?

3.2 Cipher Block Chaining Mode (CBC)

In CBC operation mode, each plaintext block $x_i$ is XORed with the previous ciphertext block before being encrypted with the same key K. The first plaintext block is XORed with an initialization vector IV, of the same length as the plaintext block. The encrypting rule under the CBC operation mode becomes

$$y_i = e_K(y_{i-1} \oplus x_i), \qquad y_0 = IV. \tag{1}$$

In CBC operation mode, if any block of the plaintext is changed, the entire ciphertext sequence will be changed. Think of how we can use this property to provide Message Authentication. In Figure 5 we show the encryption/decryption schematics of the CBC operation mode. CBC is the most common mode of operation. What are the advantages and disadvantages of CBC mode of operation?

Fig. 5. The diagram for the CBC mode of operation. (a) Encryption, (b) Decryption.

3.3 Output Feedback Mode (OFB)

In OFB mode, a keystream is generated which is XORed to the plaintext in order to produce the ciphertext. This is a synchronous stream cipher mode of operation. The keystream is generated using the DES encryption algorithm,

$$z_i = e_K(z_{i-1}), \qquad z_0 = IV. \tag{2}$$

The ciphertext is then computed as:

$$y_i = x_i \oplus z_i. \tag{3}$$

The OFB mode can be used as a pseudo-random number generator. Given that much faster stream ciphers exist in the literature, the OFB mode is not used in practical applications.

3.4 Cipher Feedback Mode (CFB)

The CFB mode of operation is very similar to the OFB mode, with the difference being in the generation of the keystream. In CFB, the ciphertext is encrypted to produce the keystream elements $z_i$,

$$z_i = e_K(y_{i-1}), \qquad y_0 = IV. \tag{4}$$

The ciphertext is then computed as:

$$y_i = x_i \oplus z_i. \tag{5}$$

Given that much faster stream ciphers exist in the literature, the OFB mode is not used in practical applications.
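The ECB, CBC and OFB rules of Section 3 written out over 64-bit blocks, as an added Python example that is not part of the original handout. The block cipher `e` is a toy 4-round Feistel network built on SHA-256 that stands in for $e_K$ and $d_K$ (an assumption made so the example runs offline; it is not DES or AES), and all names, the key, the IV and the plaintext are constructed here. CFB differs from `ofb` only in feeding $y_{i-1}$ instead of $z_{i-1}$ into the cipher.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, the DES block length

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def f(key, rnd, half):
    # Round function of the stand-in cipher (assumption, not DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def e(key, block, decrypt=False):
    # Feistel network: decryption swaps the halves and runs the rounds backwards.
    order = range(3, -1, -1) if decrypt else range(4)
    l, r = (block[4:], block[:4]) if decrypt else (block[:4], block[4:])
    for rnd in order:
        l, r = r, xor(l, f(key, rnd, r))
    return r + l if decrypt else l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return b"".join(e(key, x) for x in blocks(pt))

def cbc_encrypt(key, iv, pt):
    y, out = iv, []
    for x in blocks(pt):
        y = e(key, xor(y, x))        # eq. (1): y_i = e_K(y_{i-1} XOR x_i)
        out.append(y)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    ys = [iv] + blocks(ct)           # x_i = d_K(y_i) XOR y_{i-1}
    return b"".join(xor(e(key, y, True), p) for p, y in zip(ys, ys[1:]))

def ofb(key, iv, data):
    z, out = iv, []
    for x in blocks(data):
        z = e(key, z)                # eq. (2): z_i = e_K(z_{i-1})
        out.append(xor(x, z))        # eq. (3): y_i = x_i XOR z_i
    return b"".join(out)

# Constructed sample input: the first two plaintext blocks are identical.
KEY, IV = b"demo-key", b"\x01\x23\x45\x67\x89\xab\xcd\xef"
PT = b"SAMEDATA" * 2 + b"OTHERBLK"
```

With this input, `ecb_encrypt` emits the same ciphertext block twice for the repeated plaintext block, while `cbc_encrypt` does not; applying `ofb` a second time with the same key and IV recovers the plaintext.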