Nirmalya Kar

Introduction

Course Overview

Dan Boneh

Cryptography: today? Yesterday? Over the last week?


9/9/16


Welcome

Course objectives:

Learn how crypto primitives work

Learn how to use them correctly and reason about security

My recommendations:

Take notes

Answer the in-class questions


Cryptography is everywhere

Secure communication:

web traffic: HTTPS

wireless traffic: 802.11i WPA2 (and WEP), GSM, Bluetooth

Content protection (e.g. DVD, Blu-ray): CSS, AACS

User authentication

and much much more


Secure communication

no eavesdropping

no tampering


Secure storage

Figure: Alice stores File 1 and File 2 on a disk. No eavesdropping, no tampering: Alice today sends a message to Alice tomorrow.


Figure: Alice sends message m to Bob as c = E(k,m); Bob recovers m = D(k,c).

m, c: plaintext, ciphertext

Never use a proprietary cipher


Use Cases

Single use key: (one time key)

Key is only used to encrypt one message

encrypted email: new key generated for every email

Multi use key: (many time key)

Key used to encrypt multiple messages

encrypted files: same key used to encrypt many files

Need more machinery than for one-time key


Things to remember

Cryptography is:

A tremendous tool

The basis for many security mechanisms

Cryptography is not:

The solution to all security problems

Reliable unless implemented and used properly

Something you should try to invent yourself

many many examples of broken ad-hoc designs


Books to Read


End of Segment


What is cryptography?


Alice and Bob are the good guys

Trudy is our generic intruder


Alice and Bob want to communicate securely

Typically, over a network

Trudy wants to read Alice and Bob's secrets

Or Trudy might have other devious plans

Cause confusion, denial of service, etc.


CIA

Confidentiality, Integrity, Availability

Confidentiality: prevent unauthorized reading of information

Integrity: prevent unauthorized writing of information

Availability: data is available in a timely manner when needed

Availability is a new security concern

Due to denial of service (DoS) threats


Crypto

Cryptology: the art and science of making and breaking secret codes

Cryptography: making secret codes

Cryptanalysis: breaking secret codes

Crypto: all of the above (and more)


A cipher or cryptosystem is used to encrypt the plaintext

The result of encryption is ciphertext

We decrypt ciphertext to recover plaintext

A key is used to configure a cryptosystem


Figure: a plaintext unit Pi is encrypted with the key to give the ciphertext Ci, and Ci is decrypted with the key to recover Pi

Pi is the i-th plaintext unit and Ci is the corresponding ciphertext

Unit may be bit, letter, block of bits, etc.


Figure: Alice encrypts plaintext Pi with the key to get ciphertext Ci; Bob decrypts Ci with the key to recover Pi; Trudy sees Ci on the channel

Trudy knows the cipher and how it works

Trudy might know a little more

Trudy does not know the key


Cryptanalysis

This course focused on cryptanalysis

Trudy wants to recover key or plaintext

Trudy is not bound by any rules

For example, Trudy might attack the implementation, not the algorithm itself

She might use side channel info, etc.


Information security is a big topic

Crypto, Access control, Protocols, Software

Real world info security problems abound

Using crypto correctly is important

The more we make other parts of security behave like crypto, the better


Study of cryptanalysis gives insight into all aspects of crypto

Gain insight into the attacker's mindset

black hat vs white hat mentality

Cryptographers are boring

Cryptanalysts are cool


Crypto core

Figure: Alice and Bob exchange messages m1, m2 over a channel; each needs to know who is really on the other end (talking to Alice? talking to Bob? or an attacker???)

Secure communication: confidentiality and integrity


Digital signatures

Anonymous communication

Figure: digital signature: Alice attaches a signature to her message so Bob can check it came from Alice. Anonymous communication: Bob receives a message and asks "Who did I just talk to?"


Digital signatures

Anonymous communication

Anonymous digital cash

Can I spend a digital coin without anyone knowing who I am?

How to prevent double spending?

Figure: Alice spends a 1$ digital coin over the Internet (anon. comm.); the recipient asks "Who was that?"


Crypto magic

Privately outsourcing computation

Figure: Alice sends an encrypted query E[ query ] to a search engine and gets back E[ results ]; the server answers without learning what she searched for

Figure: Alice knows N = pq and sends Bob a proof about it; Bob holds only N (???)


A rigorous science

The three steps in cryptography:

Precisely specify threat model

Propose a construction

Prove that breaking the construction under the threat model will solve an underlying hard problem


End of Segment


Introduction


Definitions

Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers

Network Security - measures to protect data during their transmission

Internet Security - measures to protect data during their transmission over a collection of interconnected networks


Security Attacks

Action that compromises the information security

Could be passive or active attacks

Security Services

Such as authentication, identification, encryption, signature, secret sharing and so on.

Security mechanism

The ways to provide such services

Detect, prevent and recover from a security attack


Authentication

Peer Entity Authentication

Data Origin Authentication

Access Control

Data Confidentiality

Connection Confidentiality

Connectionless Confidentiality

Selective-Field Confidentiality

Traffic Flow Confidentiality


Data Integrity

Connection Integrity without Recovery

Selective-Field Connection Integrity

Connectionless Integrity

Selective-Field Connectionless Integrity

Nonrepudiation, Destination


Ciphertext-Only Attack


Known-Plaintext Attack


Chosen-Plaintext Attack


Chosen-Ciphertext Attack


End of Segment


History: Classical Encryption Techniques


Symmetric Ciphers


1. Substitution cipher

k := a permutation of the alphabet (key table shown in the slide figure)


Mono-alphabetic Cipher

Rather than just shifting the alphabet, shuffle (jumble) the letters arbitrarily: each plaintext letter maps to a different random ciphertext letter

Plaintext : abcdefghijklmnopqrstuvwxyz
Ciphertext: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext : ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA


assuming 26 letters?


What is the most common letter in English text?

X

L

E

H
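Added example, not from the slides: the substitution table above in Python, together with the letter-frequency count that answers the question on the most common letter and explains why a mono-alphabetic cipher falls despite its 26! keys. Everything here is built only from the two alphabets on the slide.

```python
import math
from collections import Counter

# Key from the slide: plaintext alphabet -> ciphertext alphabet.
PLAIN_ALPHABET = "abcdefghijklmnopqrstuvwxyz"
CIPHER_ALPHABET = "DKVQFIBJWPESCXHTMYAUOLRGZN"

ENC_TABLE = dict(zip(PLAIN_ALPHABET, CIPHER_ALPHABET))
DEC_TABLE = {c: p for p, c in ENC_TABLE.items()}


def key_space_size() -> int:
    """Number of mono-alphabetic keys with 26 letters: 26! (about 4 * 10^26).
    Exhaustive search over all of them is hopeless; frequency analysis is not."""
    return math.factorial(26)


def substitution_encrypt(plaintext: str) -> str:
    """Mono-alphabetic substitution: every letter is replaced via the fixed table."""
    return "".join(ENC_TABLE[ch] for ch in plaintext.lower() if ch in ENC_TABLE)


def substitution_decrypt(ciphertext: str) -> str:
    return "".join(DEC_TABLE[ch] for ch in ciphertext.upper() if ch in DEC_TABLE)


def letter_frequencies(text: str) -> list:
    """(letter, count) pairs sorted from most to least frequent."""
    counts = Counter(ch for ch in text.upper() if ch.isalpha())
    return counts.most_common()


def guess_e_mapping(ciphertext: str) -> str:
    """Frequency-analysis heuristic: the most frequent ciphertext letter most
    likely stands for 'e', the most common letter in English text.  The same
    substitution applies to every occurrence, so frequencies survive encryption."""
    return letter_frequencies(ciphertext)[0][0]


if __name__ == "__main__":
    c = substitution_encrypt("ifwewishtoreplaceletters")
    print(c, letter_frequencies(c)[:3], guess_e_mapping(c), DEC_TABLE[guess_e_mapping(c)])
```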


2. Playfair cipher

(in 1854, but named after his friend Baron Playfair)

fill in letters of keyword (minus duplicates)

fill rest of matrix with other letters

eg. using the keyword MONARCHY


eg. "balloon" encrypts as "ba lx lo on"

2. if both letters fall in the same row, replace each with the letter to its right (wrapping back to start from end),

eg. "ar" encrypts as "RM"


3. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom),

eg. "mu" encrypts to "CM"

4. otherwise each letter is replaced by the one in its row in the column of the other letter of the pair,

eg. "hs" encrypts to "BP", and "ea" to "IM" or "JM" (as desired)


k = C R Y P T O C R Y P T O C R Y P T

m = W H A T A N I C E D A Y T O D A Y

(+ mod 26)

c = Z Z Z J U C L U D T U N W G C Q S


Example


determine the length of the keyword (Kasiski test)

Key       : deceptivedeceptivedeceptive
plaintext : wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
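Added example, not from the slides: Vigenère encryption and the Kasiski test in Python, run on both tables above. Note that the CRYPTO / WHATANICEDAYTODAY table only reproduces when letters are numbered A=1 ... Z=26 (the `base=1` parameter here), while the deceptive / wearediscovered table uses the usual A=0 numbering.

```python
from collections import defaultdict
from functools import reduce
from math import gcd


def vigenere(text: str, key: str, decrypt: bool = False, base: int = 0) -> str:
    """c_i = (p_i + k_(i mod len(key))) mod 26, letters numbered from `base`.
    base=0 is the usual convention; base=1 (A=1 ... Z=26) reproduces the
    CRYPTO table on the slide.  decrypt=True subtracts the key instead."""
    letters = [c for c in text.upper() if c.isalpha()]
    out = []
    for i, c in enumerate(letters):
        p = ord(c) - ord("A") + base
        k = ord(key[i % len(key)].upper()) - ord("A") + base
        v = p - k if decrypt else p + k
        out.append(chr((v - base) % 26 + ord("A")))
    return "".join(out)


def kasiski_distances(ciphertext: str, n: int = 3) -> dict:
    """Kasiski test: for every n-gram that repeats in the ciphertext, the
    distances between its occurrences.  A repeated plaintext fragment that
    lands under the same key letters repeats in the ciphertext, so the key
    length divides these distances."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return {g: [b - a for a, b in zip(p, p[1:])]
            for g, p in positions.items() if len(p) > 1}


def kasiski_key_length_guess(ciphertext: str, n: int = 3) -> int:
    """gcd of all repeat distances; 0 when nothing repeats (text too short)."""
    dists = [d for ds in kasiski_distances(ciphertext, n).values() for d in ds]
    return reduce(gcd, dists) if dists else 0


if __name__ == "__main__":
    c = vigenere("wearediscoveredsaveyourself", "deceptive")
    print(c, kasiski_distances(c), kasiski_key_length_guess(c))
    print(vigenere("WHATANICEDAYTODAY", "CRYPTO", base=1))
```

With only one repeated trigram (VTW, distance 9) the guess already equals the length of "deceptive"; on longer texts the gcd of many distances is taken, and a wrong common factor is ruled out with per-column frequency counts.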


MODULAR ARITHMETIC

The division relationship (a = q n + r) has two inputs (a and n) and two outputs (q and r).

But in modular arithmetic, we are interested in only one of the outputs, the remainder r.


Modulo Operator

The modulo operator is shown as mod. The second input (n) is called the modulus. The output r is called the residue.

Figure : Division algorithm and modulo operator


Set of Residues

The modulo operation creates a set, which in modular arithmetic is referred to as the set of least residues modulo n, or Zn.


Two integers a and b are said to be congruent modulo n if their difference (a - b) is an integer multiple of n,

or, equivalently, both numbers have the same remainder when divided by n.


Properties of congruence

Property 1 Congruence is reflexive, i.e., a ≡ a (mod m) for every integer a and natural number m.

Property 2 Congruence is symmetric, i.e., if a ≡ b (mod m), then b ≡ a (mod m).

Property 3 Congruence is transitive, i.e., if a ≡ b (mod m) and b ≡ c (mod m), then a ≡ c (mod m).


Property 4 Congruences may be added: if a ≡ b (mod m) and c ≡ d (mod m), then a + c ≡ b + d (mod m).

Property 5 Congruences may be multiplied: if a ≡ b (mod m) and c ≡ d (mod m), then ac ≡ bd (mod m).

Property 6 (cut off on the slide) ... prime to m: if ab ≡ c (mod m).


Inverses

In modular arithmetic, we often need to find the inverse of a number relative to an operation.

We are normally looking for an additive inverse (relative to an addition operation) or a multiplicative inverse (relative to a multiplication operation).


Additive Inverse

In Zn, two numbers a and b are additive inverses of each other if a + b ≡ 0 (mod n).

Note: in modular arithmetic, each integer has an additive inverse. The sum of an integer and its additive inverse is congruent to 0 modulo n.


Multiplicative Inverse

In Zn, two numbers a and b are multiplicative inverses of each other if a × b ≡ 1 (mod n).

Note: in modular arithmetic, an integer may or may not have a multiplicative inverse. When it does, the product of the integer and its multiplicative inverse is congruent to 1 modulo n.


Hill Cipher

takes m successive plaintext letters and substitutes for them m ciphertext letters

Note: the key matrix must have a multiplicative inverse.


example

Consider the plaintext "pay more money" and use the encryption key (matrix shown in the slide figure)

The first three letters of the plaintext are represented by the vector (shown in the slide figure)


when adding extra bogus character z to the last block and removing the spaces. The ciphertext is OHKNIHGKLISS.


plaintext/ciphertext pair blocks (not necessarily from the same message) as shown in Figure.


she inverts the P matrix and multiplies it by C to get the K matrix as shown in Figure.

Now she has the key and can break any ciphertext encrypted with that key.
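Added example, not from the slides, serving the inverse section and the Hill cipher section above: modular inverses by the extended Euclidean algorithm, a matrix inverse mod 26, Hill encryption/decryption with row vectors (C = P·K), and the known-plaintext key recovery K = P^-1·C the slide describes. The key matrix is the 3x3 example key from Stallings' textbook, used here as a constructed sample (the slide's own key matrix is only in its figure).

```python
def egcd(a: int, b: int) -> tuple:
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(a: int, n: int):
    """Multiplicative inverse of a in Z_n, or None when gcd(a, n) != 1."""
    g, x, _ = egcd(a % n, n)
    return None if g != 1 else x % n


def additive_inverse(a: int, n: int) -> int:
    return (-a) % n


def _det(m: list) -> int:
    """Integer determinant by Laplace expansion along the first row."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j] * _det([row[:j] + row[j + 1:] for row in m[1:]])
               for j in range(len(m)))


def matrix_inverse_mod(m: list, n: int):
    """Inverse of a square integer matrix modulo n via adjugate / det;
    None when det has no inverse mod n (then the matrix is unusable as a key)."""
    size = len(m)
    det_inv = mod_inverse(_det(m) % n, n)
    if det_inv is None:
        return None
    inv = [[0] * size for _ in range(size)]
    for i in range(size):
        for j in range(size):
            minor = [row[:i] + row[i + 1:] for k, row in enumerate(m) if k != j]
            inv[i][j] = ((-1) ** (i + j) * _det(minor) * det_inv) % n
    return inv


def _mat_mul(a: list, b: list, n: int) -> list:
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) % n
             for j in range(len(b[0]))] for i in range(len(a))]


def _hill_apply(text: str, matrix: list, pad: str = "z") -> str:
    """Map letters to 0..25, pad the last block with `pad`, multiply each
    block (as a 1 x m row vector) by the matrix mod 26."""
    m = len(matrix)
    vals = [ord(c) - ord("a") for c in text.lower() if c.isalpha()]
    vals += [ord(pad) - ord("a")] * (-len(vals) % m)
    out = []
    for i in range(0, len(vals), m):
        out.extend(_mat_mul([vals[i:i + m]], matrix, 26)[0])
    return "".join(chr(v + ord("A")) for v in out)


def hill_encrypt(plaintext: str, key: list) -> str:
    return _hill_apply(plaintext, key)


def hill_decrypt(ciphertext: str, key: list) -> str:
    key_inv = matrix_inverse_mod(key, 26)
    if key_inv is None:
        raise ValueError("key matrix has no inverse mod 26")
    return _hill_apply(ciphertext, key_inv).lower()


def hill_recover_key(plain_blocks: list, cipher_blocks: list):
    """Known-plaintext attack from the slide: with m plaintext blocks forming an
    invertible matrix P and their ciphertext blocks C, K = P^-1 * C (mod 26)."""
    P = [[ord(c) - ord("a") for c in b.lower()] for b in plain_blocks]
    C = [[ord(c) - ord("A") for c in b.upper()] for b in cipher_blocks]
    P_inv = matrix_inverse_mod(P, 26)
    return None if P_inv is None else _mat_mul(P_inv, C, 26)


# Constructed sample key (Stallings' 3x3 Hill example), det = 23 mod 26, invertible.
KEY = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]

if __name__ == "__main__":
    c = hill_encrypt("pay more money", KEY)
    print(c, hill_decrypt(c, KEY))
    blocks = ["bcd", "abe", "fga"]          # chosen so that P has det 1
    print(hill_recover_key(blocks, [hill_encrypt(b, KEY) for b in blocks]) == KEY)
```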


Early example: the Hebern machine (single rotor)

Figure: the rotor maps the plaintext letters A, B, C, ..., X, Y, Z to the key letters K, S, T, ..., R, N, E; after each letter the rotor advances one position, so the same plaintext letters next map to E, K, S, T, ..., R, N and then to N, E, K, S, T, ..., R


Most famous: the Enigma (3-5 rotors)


Transposition Ciphers

A transposition cipher does not substitute one symbol for another; instead it changes the location of the symbols.

Classification

Keyed Transposition Ciphers

Combining Two Approaches


A good example of a keyless cipher using the first method is the rail fence cipher. The ciphertext is created reading the pattern row by row. For example, to send the message "Meet me at the park" to Bob, Alice writes the letters in the two-row zig-zag shown in the slide figure.

She then creates the ciphertext MEMATEAKETETHPR.

In the second method (figure on the slide) she writes the text column by column into a table and reads it row by row. She creates the ciphertext MMTAEEHREAEKTTP.


write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns.

then reorder the columns according to some key before reading off the rows

Plain text: attack postponed until two am


Keys

In Example, a single key was used in two directions for the column exchange: downward for encryption, upward for decryption. It is customary to create two keys.


Task :

For the given cipher text & key, find the plain text if double transposition of columns was employed by the sender

Cipher text: GOOYTPGRYAHPCROISD
Key        : 241536 for both rounds.
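Added example, not from the slides, covering the keyless and keyed transposition passages above and the task: the two-row rail fence and the column-by-column write-out reproduce the two "Meet me at the park" ciphertexts, and a keyed columnar transposition (the column labelled 1 in the key is read out first, as in the textbook convention; that reading of the key is an assumption) is applied twice to the task ciphertext.

```python
def _letters(text: str) -> list:
    return [c for c in text.upper() if c.isalpha()]


def rail_fence_2_encrypt(plaintext: str) -> str:
    """Keyless rail fence with two rows: letters alternate between the rows,
    the ciphertext is the top row followed by the bottom row."""
    letters = _letters(plaintext)
    return "".join(letters[0::2]) + "".join(letters[1::2])


def columnar_encrypt(plaintext: str, key: list) -> str:
    """Keyed columnar transposition: write the text row by row into len(key)
    columns, then read the columns out in key order (column labelled 1 first).
    key = [1, 2, ..., n] is the keyless 'write by column, read by row' method."""
    letters = _letters(plaintext)
    ncols = len(key)
    columns = [letters[i::ncols] for i in range(ncols)]
    order = sorted(range(ncols), key=lambda i: key[i])
    return "".join("".join(columns[i]) for i in order)


def columnar_decrypt(ciphertext: str, key: list) -> str:
    """Inverse: the first len(text) % ncols columns hold one extra letter because
    the grid was filled row by row; refill the columns in key order, read rows."""
    ncols = len(key)
    nrows, extra = divmod(len(ciphertext), ncols)
    order = sorted(range(ncols), key=lambda i: key[i])
    columns, pos = [""] * ncols, 0
    for i in order:
        length = nrows + (1 if i < extra else 0)
        columns[i] = ciphertext[pos:pos + length]
        pos += length
    return "".join(columns[c][r] for r in range(nrows + 1)
                   for c in range(ncols) if r < len(columns[c]))


def double_columnar_encrypt(plaintext: str, key: list) -> str:
    """Double transposition: the same columnar step applied twice."""
    return columnar_encrypt(columnar_encrypt(plaintext, key), key)


def double_columnar_decrypt(ciphertext: str, key: list) -> str:
    return columnar_decrypt(columnar_decrypt(ciphertext, key), key)


if __name__ == "__main__":
    print(rail_fence_2_encrypt("Meet me at the park"))
    print(columnar_encrypt("Meet me at the park", [1, 2, 3, 4]))
    print(double_columnar_decrypt("GOOYTPGRYAHPCROISD", [2, 4, 1, 5, 3, 6]))
```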


categories: stream ciphers and block ciphers.

A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.

Example: the autokeyed Vigenère cipher and the Vernam cipher.

A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.

Typically, a block size of 64 or 128 bits is used.


Stream Ciphers


Block Ciphers

In a block cipher, a group of plaintext symbols of size m (m > 1) are encrypted together creating a group of ciphertext of the same size. A single key is used to encrypt the whole block even if the key is made of multiple values.


End of Segment


Basics


Problem

How many padding bits must be added to a message of 100 characters if 8-bit ASCII is used for encoding and the block cipher accepts blocks of 64 bits?

Solution :


Substitution or Transposition

Note: to be resistant to exhaustive-search attack, a modern block cipher needs to be designed as a substitution cipher.


Problem

Suppose that we have a block cipher where n = 64. If there are 10 1s in the ciphertext, how many trial-and-error tests does Eve need to do to recover the plaintext from the intercepted ciphertext in each of the following cases?

a. The cipher is designed as a substitution cipher.

b. The cipher is designed as a transposition cipher.


P-Box : Permutation box parallels the traditional transposition cipher for characters.


Invertibility : A straight P-box can be used in the encryption cipher & its inverse in the decryption cipher.


Compression and expansion P-boxes are non-invertible


S-Box

An S-box parallels the traditional substitution cipher.

Note: an S-box is an m × n substitution unit, where m and n are not necessarily the same.


Example

In an S-box with three inputs and two outputs, we have (equations in the slide figure) a2,2 = a2,3 = 0. The relationship can be represented by matrices, as shown in the slide figure.


Example

The following table (in the slide figure) defines the input/output relationship for an S-box of size 3 × 2. The leftmost bit of the input defines the row; the two rightmost bits of the input define the column. The two output bits are the values at the intersection of the selected row and column.

Based on the table, an input of 010 yields the output 01. An input of 101 yields the output 00.


XOR

0 1 1 0 1 1 1

1 0 1 1 0 1 0


Circular Shift

Another component found in some modern block ciphers is the circular shift operation.

Figure : Circular shifting an 8-bit word to the left or right


Swap

The swap operation is a special case of the circular shift operation where k = n/2.

Figure : Swap operation on an 8-bit word


Two other operations found in some block ciphers are split and combine.

Figure : Split and combine operations on an 8-bit word


Diffusion

The idea of diffusion is to hide the relationship between the ciphertext and the plaintext.

Note: diffusion hides the relationship between the ciphertext and the plaintext.


Confusion

The idea of confusion is to hide the relationship between the ciphertext and the key.

Note: confusion hides the relationship between the ciphertext and the key.


A product cipher combines two or more transformations in a manner intending that the resulting cipher is more secure than the individual components.


Modern block ciphers are all product ciphers, but they are divided into two classes.

1. Feistel ciphers : Feistel designed a very intelligent and interesting cipher that has been used for decades. A Feistel cipher can have three types of components: self-invertible, invertible, and noninvertible.

2. Non-Feistel ciphers


Example

The plaintext and ciphertext are each 4 bits long and the key is 3 bits long. Assume that the function takes the first and third bits of the key, interprets these two bits as a decimal number, squares the number, and interprets the result as a 4-bit binary pattern. Show the results of encryption and decryption if the original plaintext is 0111 and the key is 101.

Solution

The function extracts the first and third bits to get 11 in binary or 3 in decimal. The result of squaring is 9, which is 1001 in binary.


End of Segment


Basics


In a modern stream cipher, encryption and decryption are done r bits at a time.

We have a plaintext bit stream P = pn ... p2 p1, a ciphertext bit stream C = cn ... c2 c1, and a key bit stream K = kn ... k2 k1, in which pi, ci, and ki are r-bit words.

Nonsynchronous Stream Ciphers


Note: in a modern stream cipher, each r-bit word in the plaintext stream is enciphered using an r-bit word in the key stream to create the corresponding r-bit word in the ciphertext stream.


Note: in a synchronous stream cipher the key is independent of the plaintext or ciphertext.

Figure : One-time pad


Example

b5 = b4 ⊕ b2 ⊕ b0.

Solution

If ci = 0, bi has no role in the calculation of bm. This means that bi is not connected to the feedback function. If ci = 1, bi is involved in the calculation of bm. In this example, c1 and c3 are 0s, which means that we have only three connections. The figure below shows the design.


Example

b4 = b1 ⊕ b0. Show the value of the output for 20 transitions (shifts) if the seed is (0001)2.

Solution:


looks like a random sequence at first glance, but if we go through more transitions, we see that the sequence is periodic. It is a repetition of 15 bits as shown below:

The key stream generated from an LFSR is a pseudorandom sequence in which the sequence is repeated after N bits.


In a nonsynchronous stream cipher, each key in the key stream depends on previous plaintext or ciphertext.

Note: in a nonsynchronous stream cipher, the key depends on either the plaintext or ciphertext.


End of Segment


Block ciphers

Simplified DES


Simplified DES

The S-DES encryption algorithm takes an 8-bit block of plaintext (example: 10111101) and a 10-bit key as input and produces an 8-bit block of ciphertext as output.

The S-DES decryption algorithm takes an 8-bit block of ciphertext and the same 10-bit key used to produce that ciphertext as input and produces the original 8-bit block of plaintext.


The encryption algorithm involves five functions:

an initial permutation (IP)

a complex function labeled fK, which involves both permutation and substitution operations and depends on a key input (k1)

a simple permutation function that switches (SW) the two halves of the data

the function fK again with key input (k2)

and finally a permutation function that is the inverse of the initial permutation (IP-1)


where

K1 = P8(Shift(P10(key)))

K2 = P8(Shift(Shift(P10(key))))


Let the 10-bit key be designated as (k1, k2, k3, k4, k5, k6, k7, k8, k9, k10).

Then the permutation P10 is defined as:

P10: 3 5 2 7 4 10 1 9 8 6

Each position in the table gives the identity of the input bit that produces the output bit in that position.

For example, the key (1010000010) is permuted to (1000001100).


Next, perform a circular left shift (LS-1), or rotation, separately on the first five bits and the second five bits.

Eg:- the result is (00001 11000).

Next apply P8, which picks out and permutes 8 of the 10 bits according to the following rule:

P8: 6 3 7 4 8 5 10 9

Go back to the pair of 5-bit strings produced by the two LS-1 functions and perform a circular left shift of 2 bit positions on each string.

(00001 11000) becomes (00100 00011).

Eg:- applying P8 again, the result is (01000011).


S-DES Encryption

Figure: S-DES encryption. The 8-bit plaintext goes through IP, then the round function fK with K1 (the right 4 bits are expanded by E/P to 8 bits, XORed with the 8-bit subkey, fed through S0 and S1 to give 2 + 2 bits, permuted by P4 and XORed into the left 4 bits), then SW, then fK again with K2, and finally IP-1 to give the 8-bit ciphertext.


Initial and Final Permutations

First permute the 8-bit block of plaintext using the IP function:

IP   : 2 6 3 1 4 8 5 7

IP-1 : 4 1 3 5 7 2 8 6


The function fK

The function fK consists of a combination of permutation and substitution functions.

Let L and R be the leftmost 4 bits and rightmost 4 bits of the 8-bit input to fK, and let F be a mapping from 4-bit strings to 4-bit strings.

fK(L, R) = (L ⊕ F(R, SK), R)

where SK is a subkey.

Example: The output of the IP stage is (10111101) and F(1101, SK) = (1110) for some key SK.

Then fK(10111101) = (01011101) because (1011) ⊕ (1110) = (0101).


Mapping of F

The input is a 4-bit number (n1n2n3n4).

The first operation is an expansion/permutation operation:

E/P: 4 1 2 3 2 3 4 1

written as a 2 × 4 matrix:

n4 n1 n2 n3
n2 n3 n4 n1

The 8-bit subkey K1 = (K11, K12, K13, K14, K15, K16, K17, K18) is added to this value using exclusive-OR:


Let us rename these 8 bits (as in the slide figure). The first 4 bits (first row of the preceding matrix) are fed into the S-box S0 to produce a 2-bit output, and the remaining 4 bits (second row) are fed into S1 to produce another 2-bit output.


The S-boxes operate as follows: the first and fourth input bits are treated as a 2-bit number that specifies a row of the S-box, and the second and third input bits specify a column of the S-box. The entry in that row and column, in base 2, is the 2-bit output.


Example:-

The 8 bits entering the S-boxes, as a 2 × 4 matrix:

0 1 0 0
1 0 0 1

For S0 (first row, 0100):

first and fourth input bits are 00 or 0 or row 0

second and third input bits are 10 or 2 or column 2

For S1 (second row, 1001):

first and fourth input bits are 11 or 3 or row 3

second and third input bits are 00 or 0 or column 0


Next, the 4 bits produced by S0 and S1 undergo a further permutation (P4) as follows:


End of Segment


Block ciphers

DES


History

Early 1970s: Horst Feistel designs Lucifer at IBM

key-len = 128 bits ; block-len = 128 bits

1973: NBS asks for block cipher proposals.

IBM submits variant of Lucifer.

1976: NBS adopts DES as a federal standard

key-len = 56 bits ; block-len = 64 bits

1997: DES broken by exhaustive search

2000: NIST adopts Rijndael as AES to replace DES

Widely deployed in banking (ACH) and commerce


DES Structure

Figure : General structure of DES


Figure : A round in DES (encryption site). DES uses 16 rounds. Each round of DES is a Feistel cipher.


Figure : DES function. The DES function applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output.


Figure : Key generation


Multiple DES

The major criticism of DES regards its key length. Fortunately DES is not a group. This means that we can use double or triple DES to increase the key size.

Approaches:

Double DES

Triple DES


Double DES

Meet-in-the-Middle Attack

However, a known-plaintext attack called the meet-in-the-middle attack shows that double DES improves on this weakness only slightly (to 2^57 tests), not tremendously (to 2^112).
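Added example, not from the slides: the meet-in-the-middle attack on double encryption, run against a constructed 16-bit toy cipher with an 8-bit key (it stands in for DES only because its 2^8 key space can be enumerated in a test; it is not DES and has no security value). The attack tabulates E(k1, P) for every k1, then looks up D(k2, C) for every k2, so it costs about 2 * 2^8 cipher operations instead of the 2^16 a naive search over both keys would need; the same counting gives roughly 2^57 instead of 2^112 for double DES.

```python
MASK16 = 0xFFFF


def _round_key(key: int, r: int) -> int:
    return ((key << r) | (key >> (8 - r))) & 0xFF     # 8-bit rotation by r


def toy_encrypt(block: int, key: int) -> int:
    """Constructed toy cipher, NOT DES: 16-bit block, 8-bit key, four rounds of
    key mixing, rotation and constant addition.  Invertible by construction."""
    x = block & MASK16
    for r in range(4):
        rk = _round_key(key, r)
        x ^= rk | (rk << 8)
        x = ((x << 5) | (x >> 11)) & MASK16           # rotate left 5
        x = (x + 0x9E37) & MASK16
    return x


def toy_decrypt(block: int, key: int) -> int:
    x = block & MASK16
    for r in reversed(range(4)):
        x = (x - 0x9E37) & MASK16
        x = ((x >> 5) | (x << 11)) & MASK16           # rotate right 5
        rk = _round_key(key, r)
        x ^= rk | (rk << 8)
    return x


def double_encrypt(block: int, k1: int, k2: int) -> int:
    return toy_encrypt(toy_encrypt(block, k1), k2)


def meet_in_the_middle(pairs: list) -> list:
    """Known-plaintext attack on double encryption.  pairs: (plaintext, ciphertext)
    under the same (k1, k2).  Forward table over all k1, backward lookup over all
    k2, then the remaining pairs weed out chance matches.  Returns candidates."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in range(256):                               # 2^8 encryptions
        table.setdefault(toy_encrypt(p0, k1), []).append(k1)
    found = []
    for k2 in range(256):                               # 2^8 decryptions
        for k1 in table.get(toy_decrypt(c0, k2), []):
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                found.append((k1, k2))
    return found


def naive_search_work() -> int:
    """Operations for trying every (k1, k2) pair directly, for comparison."""
    return 256 * 256


if __name__ == "__main__":
    k1, k2 = 0x3A, 0xC5                                 # constructed secret keys
    known = [(p, double_encrypt(p, k1, k2)) for p in (0x1234, 0xBEEF, 0x0001)]
    print(meet_in_the_middle(known), "vs naive", naive_search_work())
```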


Triple DES


End of Segment


Block ciphers

AES


Introduction

The Advanced Encryption Standard (AES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST) in December 2001.

Topics to be discussed:

Criteria

Rounds

Data Units

Structure of Each Round


Criteria

The criteria defined by NIST for selecting AES fall into three areas:

1. Security

2. Cost

3. Implementation.


Rounds

AES is a non-Feistel cipher that encrypts and decrypts a data block of 128 bits. It uses 10, 12, or 14 rounds. The key size, which can be 128, 192, or 256 bits, depends on the number of rounds.

Note: AES has defined three versions, with 10, 12, and 14 rounds. Each version uses a different cipher key size (128, 192, or 256), but the round keys are always 128 bits.


Figure : Block-to-state and state-to-block transformation


End of Segment


Block ciphers

Attacks on Block Ciphers

Differential Cryptanalysis

Eli Biham and Adi Shamir introduced the idea of differential cryptanalysis.

This is a chosen-plaintext attack.


Example

Assume that the cipher is made only of one exclusive-or operation. Without knowing the value of the key, Eve can easily find the relationship between plaintext differences and ciphertext differences if by plaintext difference we mean P1 ⊕ P2 and by ciphertext difference we mean C1 ⊕ C2. The following proves that C1 ⊕ C2 = P1 ⊕ P2:
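Added derivation (not on the slide) of the claim above, writing K for the single XOR key, so that C1 = P1 ⊕ K and C2 = P2 ⊕ K:

$$C_1 \oplus C_2 = (P_1 \oplus K) \oplus (P_2 \oplus K) = (P_1 \oplus P_2) \oplus (K \oplus K) = P_1 \oplus P_2,$$

since XOR is associative and commutative and $K \oplus K = 0$. The ciphertext difference therefore reveals the plaintext difference with probability 1, independent of the key; in a real cipher the S-boxes make such a relation hold only with some probability, which is what the characteristics below estimate.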


Observe the difference between the two ciphertexts as a function of the difference between the corresponding plaintexts

Find the highest probability differential input (called characteristic) which can be traced through several rounds

Assign probabilities to the keys and locate the most probable key


Linear Cryptanalysis

Linear cryptanalysis was presented by Mitsuru Matsui in 1993. The analysis uses known plaintext attacks.


Figure : A simple cipher with a linear S-box


values of k0, k1, and k2 .


Traditionally symmetric encryption is used to provide message

confidentiality

consider typical scenario

LANs interconnected using switches/routers

with external lines or radio/satellite links

use dial-in to LAN or server to snoop

use external router link to enter & snoop

monitor and/or modify traffic on external links


have two major placement alternatives

link encryption

encryption occurs independently on every link

implies must decrypt traffic between links

requires many devices, but paired keys

end-to-end encryption

encryption occurs between original source and final destination

need devices at each end with shared keys


Characteristics of Link and End-to-End Encryption


End of Segment


