Cryptography Functions
Lecture 3
1/29/2013

References: Chapter 2-3, Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner

Types of Cryptographic Functions
- Secret (Symmetric) Key Encryption
- Public (Asymmetric) Key Encryption
- Digital Signatures
- Hash Algorithms

Secret (Symmetric) Key Encryption
- Use of a single key, K_ab: Alice and Bob share a secret key, K_ab
- Encryption: the plaintext message is encrypted and decrypted with K_ab
- Authentication: Alice proves to Bob that she knows K_ab (e.g. a password)
- Example: monoalphabetic cipher

Things one might do with secret key encryption:

Transmitting Over an Insecure Channel:
[Figure: plaintext message m -> encryption algorithm (key K_ab) -> ciphertext K_ab(m) -> decryption algorithm (key K_ab) -> plaintext m = K_ab(K_ab(m))]

Authentication:
[Figure: challenge-response with the shared key K_ab: r_A is answered with r_A encrypted with K_ab, and r_B is answered with r_B encrypted with K_ab]

Public (Asymmetric) Key Encryption
- Invented in 1975.
- Each individual has two keys: a public key (K_e) and a private key (K_d)
- Alice generates 2 keys, K_ea and K_da
- Bob generates 2 keys, K_eb and K_db
- It must not be possible to compute K_d (private key) from K_e

Things one might do with public key encryption:

Transmitting Over an Insecure Channel:
[Figure: plaintext message m -> encryption algorithm (key K_eb) -> ciphertext K_eb(m) -> decryption algorithm (key K_db) -> plaintext m = K_db(K_eb(m))]

Authentication:
[Figure: the challenge r is encrypted with K_eb; the holder of K_db recovers r = K_db(K_eb(r)) and returns r]

Digital Signatures
Why?
- They prove who generated the information.
- They prove that the information has not been modified.

- Alice generates K_ea and K_da
- Alice publishes K_ea
- Alice signs plaintext P: (P, S = D(K_da, P))
- Alice sends P, S to Bob
- Bob verifies that E(K_ea, S) = P (since only Alice knows K_da)

Secret Key Cryptography
Two types of symmetric ciphers:
1. Stream ciphers: encrypt one bit at a time
2. Block ciphers: break the plaintext message into equal-size blocks and encrypt each block as a unit

Stream Ciphers
[Figure: key -> keystream generator -> pseudo-random keystream]
Combine each bit of the keystream with a bit of plaintext to get a bit of ciphertext:
- m(i) = ith bit of message
- ks(i) = ith bit of keystream
- c(i) = ith bit of ciphertext
- c(i) = ks(i) ⊕ m(i) (⊕ = exclusive or)
- m(i) = ks(i) ⊕ c(i)

Problems with stream ciphers
Known plain-text attack
- There's often predictable and repetitive data in communication messages
- The attacker receives some ciphertext c and correctly guesses the corresponding plaintext m: ks = m ⊕ c
- The attacker now observes c', obtained with the same sequence ks: m' = ks ⊕ c'

Block ciphers
- The message to be encrypted is processed in blocks of k bits (e.g., 64-bit blocks).
- A 1-to-1 mapping is used to map each k-bit block of plaintext to a k-bit block of ciphertext.

Example with k=3:

input  output
000    110
001    111
010    101
011    100
100    011
101    010
110    000
111    001

How many possible mappings are there for k=3?
- How many 3-bit inputs?
- How many permutations of the 3-bit inputs?
- Answer: 40,320; not very many!
In general, (2^k)! mappings; huge for k=64.
Problem: the table approach requires a table with 2^64 entries, each entry with 64 bits.
The table is too big: instead use a function that simulates a randomly permuted table.

Prototype function
[Figure, from Kaufman et al.: the 64-bit input is divided into eight 8-bit pieces; each piece goes through its own substitution box S_1 ... S_8 (an 8-bit to 8-bit mapping), giving a 64-bit intermediate; loop for n rounds to produce the 64-bit output]

Why rounds in prototype?
- If there is only a single round, then one bit of input affects at most 8 bits of output.
- In the 2nd round, the 8 affected bits get scattered and fed into multiple substitution boxes.
- How many rounds? How many times do you need to shuffle cards?
- Becomes less efficient as n increases
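
The effect of rounds described above can be measured. This is an added example, not code from the lecture or from Kaufman et al.; the S-boxes and the bit permutation that scatters the S-box outputs are randomly generated stand-ins (assumptions), and the function names are hypothetical.

```python
import random

def make_prototype(seed):
    """Build 8 random 8-bit S-boxes and a random 64-bit permutation (constructed)."""
    rng = random.Random(seed)
    sboxes = []
    for _ in range(8):
        table = list(range(256))
        rng.shuffle(table)               # a shuffled table is a 1-to-1 mapping
        sboxes.append(table)
    perm = list(range(64))
    rng.shuffle(perm)                    # where each intermediate bit is sent
    return sboxes, perm

def one_round(block, sboxes, perm):
    sub = 0
    for k in range(8):                   # substitute each 8-bit piece
        sub |= sboxes[k][(block >> (8 * k)) & 0xFF] << (8 * k)
    out = 0
    for src, dst in enumerate(perm):     # scatter the bits across the block
        out |= ((sub >> src) & 1) << dst
    return out

def encrypt(block, sboxes, perm, rounds):
    for _ in range(rounds):
        block = one_round(block, sboxes, perm)
    return block

def avalanche(rounds, seed=2013, block=0x0123456789ABCDEF):
    """Flip each input bit in turn; return (min, max, mean) output bits changed."""
    sboxes, perm = make_prototype(seed)
    base = encrypt(block, sboxes, perm, rounds)
    changed = [bin(base ^ encrypt(block ^ (1 << b), sboxes, perm, rounds)).count("1")
               for b in range(64)]
    return min(changed), max(changed), sum(changed) / 64

if __name__ == "__main__":
    for n in (1, 2, 3, 4, 6):
        print(n, "rounds:", avalanche(n))
```

With one round no input bit can change more than 8 output bits; after a few rounds the mean settles near 32 of 64, which is what a randomly permuted table would give.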

Symmetric key crypto: DES
DES: Data Encryption Standard
- Published by the National Bureau of Standards in 1977
- For commercial and unclassified government applications
- 8-octet (64-bit) key; each octet has 1 odd parity bit, leaving a 56-bit key
- Efficient hardware implementation
- Used in most financial transactions
- Computing power goes up 1 bit every 2 years
- 56-bit was secure in 1977 but is not secure today
- Now we use DES three times: Triple DES = 3DES

Total 18 steps: initial permutation, 16 mangler rounds, inverse of initial permutation

Initial & Final Permutation:
- Input bit 58 goes to output bit 1
- Input bit 50 goes to output bit 2, ...

DES Round
[Figure: DES round]

DES Substitution Box
[Figure: Xor and S-Box]

DES S-Box (contd.)
[Figure: S-Box]
3. Permutation

DES Decryption
- Identical to encryption
- Keys are used in reverse order

International Data Encryption Algorithm (IDEA)
- Designed for software implementation
- Encryption and decryption are identical, as in DES

International Data Encryption Algorithm (contd.)
- The 128-bit key is converted to 52 16-bit keys
- The inverse of the encryption key is used for decryption, in the reverse order
- Has patent protection

[Figure: IDEA odd round; labels X_a, X_b, X_c, X_d]

[Figure: IDEA even round; labels X_a, X_b, X_c, X_d]

Advanced Encryption Standard (AES)
- Published by NIST in Nov 2001
- Based on a competition won by Rijmen and Daemen (Rijndael)
- Rijndael allows many block sizes and key sizes
- AES restricts it to:
  - Block size: 128 bits
  - Key sizes: 128, 192, 256 bits (AES-128, AES-192, AES-256)

Basic Structure of Rijndael
- Number of rounds: N_r = 6 + max{N_b, N_k}
- N_b = number of 32-bit words in the block
- N_k = number of 32-bit words in the key
- The state is 4 rows × N_b columns (N_b = 4 for AES)
[KPS Fig 3-23]

AES Primitive Operations
- Xor
- Substitution box
- Rotation: column or row
- MixColumn: replace a 32-bit word with another 32-bit word

Rijndael S-Box
[KPS Fig 3-27]

Mix Column
- The 4 input octets are used as an index to retrieve a column from the table
[KPS Fig 3-26]

Mix Column (contd.)
- The retrieved column is rotated vertically so that its top octet is in the same row as the input octet
- The four rotated columns are xor'ed
[KPS Fig 3-25]

AES Decryption
- Inverse MixColumn
- Inverse S-Box
- Inverse Xor = Xor

Key Expansion
- The key flows in octet by octet in 4-octet columns.
- (N_r + 1) N_b columns
- Key expansion uses the same kind of primitive operations as the rounds
- Rows, columns and round keys are numbered starting at 0; round numbers start at 1

AES Key Expansion
- Column 0 of the ith set is obtained by rotating the last column of the (i-1)th set upward by one cell, applying the S-Box to each octet, then Xor'ing a constant based on i into octet 0, and Xor'ing it with the 0th column of the (i-1)th set.
- Column j of the ith set is obtained by Xor'ing the (j-1)th column with the jth column of the (i-1)th set

AES Key Expansion (contd.)
- If N_k > 6, then Column 4 is generated by applying the S-box to each octet of the column
- Constants: [KPS Fig 3-32]

Rounds
1. Each octet of the state has the S-box applied to it
2. Rotation:
   - Row 1 is rotated left 1 column
   - Row 2 is rotated left 2 + ⌊N_b/8⌋ columns
   - Row 3 is rotated left 3 + ⌊N_b/7⌋ columns
   - In AES-128, N_b = 4, so the ith row is rotated i columns
3. Each column of the state has MixColumn applied to it. Round N_r omits this operation.
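
The key expansion described in the two slides above, written out as an added example (not code from the lecture or from KPS). The S-box is computed from its standard definition instead of being copied from the figure, the function names are hypothetical, and each "set" of N_k columns is kept in one flat list of columns.

```python
def gmul(a, b):
    """Multiply two octets in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ 0x11B) if a & 0x80 else (a << 1)
        b >>= 1
    return r

def sbox_entry(x):
    inv = 1
    for _ in range(254):                 # x^254 is the inverse of x (0 maps to 0)
        inv = gmul(inv, x)
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]

def expand_key(key):
    """Return the (N_r + 1) * N_b key columns, each a list of 4 octets."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES keys are 128, 192 or 256 bits")
    nk, nb = len(key) // 4, 4
    nr = 6 + max(nb, nk)
    cols = [list(key[4 * c:4 * c + 4]) for c in range(nk)]
    const = 1                            # round constant, doubled in GF(2^8) per set
    for c in range(nk, (nr + 1) * nb):
        t = list(cols[c - 1])
        if c % nk == 0:                  # column 0 of a new set
            t = t[1:] + t[:1]            # rotate upward by one cell
            t = [SBOX[o] for o in t]     # S-box on each octet
            t[0] ^= const                # constant into octet 0
            const = gmul(const, 2)
        elif nk > 6 and c % nk == 4:     # extra S-box step for column 4 when N_k > 6
            t = [SBOX[o] for o in t]
        cols.append([a ^ b for a, b in zip(cols[c - nk], t)])
    return cols

def round_key(cols, r):
    """Concatenate the N_b = 4 columns that make up round key r."""
    return bytes(o for col in cols[4 * r:4 * r + 4] for o in col)

if __name__ == "__main__":
    k = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 example key
    print(round_key(expand_key(k), 10).hex())
```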

Ron's Cipher 4 (RC4)
- Stream cipher
- A pseudo-random stream is generated using a given key and xor'ed with the input
- The pseudo-random stream is called a one-time pad
- The key can be 1 to 256 octets
- See the C code in the book.
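
An added example covering both the RC4 slide above and the earlier "Problems with stream ciphers" slide: RC4 written in Python (not the book's C code), followed by the keystream-reuse relation ks = m ⊕ c, m' = ks ⊕ c'. The function names, keys and messages are constructed for illustration.

```python
def rc4_keystream(key, n):
    """Generate n octets of RC4 keystream from a 1..256 octet key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1 to 256 octets")
    s = list(range(256))
    j = 0
    for i in range(256):                         # key setup: permute s under the key
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                           # one keystream octet per step
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    """Octet-wise exclusive or, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key, data):
    """Encrypt or decrypt: c = ks XOR m and m = ks XOR c are the same operation."""
    return xor(data, rc4_keystream(key, len(data)))

def recover_with_known_plaintext(c, guessed_m, c_prime):
    """ks = m XOR c, then m' = ks XOR c'; valid only if both used the same keystream."""
    ks = xor(guessed_m, c)
    return xor(ks, c_prime)

if __name__ == "__main__":
    key = b"constructed-demo-key"                # constructed sample values
    m1 = b"GET /index.html HTTP/1.1"             # predictable, guessable message
    m2 = b"transfer 100 to account7"             # the message that should stay secret
    c1, c2 = rc4(key, m1), rc4(key, m2)          # same key, so same keystream
    print(recover_with_known_plaintext(c1, m1, c2))
    c2_fresh = rc4(b"a-different-demo-key", m2)  # fresh key for the second message
    print(recover_with_known_plaintext(c1, m1, c2_fresh) == m2)
```

The second message falls out without the key whenever the keystream repeats; with a fresh key per message the same computation yields garbage, which is why a keystream must never be reused.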