Brief Overview of Cryptography

Outline
- cryptographic primitives
  - symmetric key ciphers
    - block ciphers
    - stream ciphers
  - asymmetric key ciphers
  - cryptographic hash functions
- protocol primitives
  - block cipher operation modes
  - “enveloping”
  - message authentication codes
  - digital signatures
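[Figure: encryption model. The plaintext x is encrypted by E under the encryption key k to the ciphertext $E_k(x)$; D under the decryption key k’ recovers the plaintext: $D_{k'}(E_k(x)) = x$. An attacker is shown in the diagram.]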
Cryptographic primitives
[Figure: stream ciphers. A seed drives a pseudo-random bit stream generator whose output is added (+) to the plaintext to give the ciphertext.]
[Figure: block ciphers. The padded plaintext is processed block by block by the block cipher under a key to give the ciphertext.]
input size: 64, output size: 64, key size: 56
16 rounds
Feistel structure
F need not be invertible
decryption is the same as encryption with reversed key schedule (hardware implementation!)
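[Figure: Feistel structure. The 64-bit input X passes through the Initial Permutation and is split into two 32-bit halves. In each round one half goes through F with a 48-bit round key (K1, K2, K3, …, K16) and the result is added (+) to the other half. The Key Scheduler derives the round keys from the 56-bit key K. The inverse Initial Permutation gives the 64-bit output Y.]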
[Figure: the function F, with an addition (+) on 48 bits, the S-boxes S1 to S8 and the permutation P.]
[Figure: key scheduler. The 56-bit key K passes through Permuted Choice 1 and is split into two 28-bit halves. In each round both halves go through left shift(s), and Permuted Choice 2 selects the 48-bit round key (K1, K2, …).]
[Figure: encryption and decryption in 10 rounds with the expanded key w[0..43]. Encryption: add round key w[0..3]; rounds 1 to 9: substitute bytes, shift rows, mix columns, add round key (w[4..7], …, w[36..39]); round 10: substitute bytes, shift rows, add round key w[40..43]. Decryption runs from the ciphertext back to the plaintext with inverse shift rows, inverse subs bytes, add round key and inverse mix columns, using the round keys in reverse order.]
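shift row

s00 s01 s02 s03            s00 s01 s02 s03
s10 s11 s12 s13   LROT1    s11 s12 s13 s10
s20 s21 s22 s23   LROT2    s22 s23 s20 s21
s30 s31 s32 s33   LROT3    s33 s30 s31 s32

mix column

$$
\begin{pmatrix} 2 & 3 & 1 & 1 \\ 1 & 2 & 3 & 1 \\ 1 & 1 & 2 & 3 \\ 3 & 1 & 1 & 2 \end{pmatrix}
\times
\begin{pmatrix} s_{00} & s_{01} & s_{02} & s_{03} \\ s_{10} & s_{11} & s_{12} & s_{13} \\ s_{20} & s_{21} & s_{22} & s_{23} \\ s_{30} & s_{31} & s_{32} & s_{33} \end{pmatrix}
=
\begin{pmatrix} s'_{00} & s'_{01} & s'_{02} & s'_{03} \\ s'_{10} & s'_{11} & s'_{12} & s'_{13} \\ s'_{20} & s'_{21} & s'_{22} & s'_{23} \\ s'_{30} & s'_{31} & s'_{32} & s'_{33} \end{pmatrix}
$$

multiplications and additions are performed over $GF(2^8)$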
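[Figure: key expansion. The key bytes k0 … k15 are arranged in four columns that form the words w0, w1, w2, w3. Each following group of four words (w4 … w7, w8 … w11, …) is obtained from the previous group by additions (+), with the function g applied once per group.]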
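// initialization of the state S and the key table T
for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod keylen];

// initial permutation of S, driven by the key
j = 0;
for i = 0 to 255 do
    j = (j + S[i] + T[i]) mod 256;
    swap(S[i], S[j]);

// stream generation: one output byte per iteration
i, j = 0;
while true
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    swap(S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    output S[t];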
[Figure: the encryption model again, with encryption key k and decryption key k’: plaintext x, ciphertext $E_k(x)$, $D_{k'}(E_k(x)) = x$, attacker.]
$c = m^e \bmod n$ where $m < n$ is the message
$c^d \bmod n = m$

Let $r$ be a prime. If $\gcd(a, r) = 1$, then $a^{r-1} \bmod r = 1$.
For every $a$ and $n$ where $\gcd(a, n) = 1$, $a^{\varphi(n)} \bmod n = 1$.

$c^d \bmod n$
$= (m^e \bmod n)^d \bmod n$
$= m^{ed} \bmod n$
$= m^{k\varphi(n)+1} \bmod n$
$= m \cdot (m^{\varphi(n)})^k \bmod n$
$= m \cdot (m^{\varphi(n)} \bmod n)^k \bmod n$ if $\gcd(m, n) = 1$
$= m \bmod n = m$

$c^d \bmod p = m^{ed} \bmod p = 0$
$c^d \bmod q = m^{ed} \bmod q = m^{k(p-1)(q-1)+1} \bmod q = m \cdot (m^{q-1})^{k(p-1)} \bmod q = m \cdot (m^{q-1} \bmod q)^{k(p-1)} \bmod q = m \bmod q$
$p, q \mid (c^d - m)$
$c^d - m = spq = sn$
$c^d = sn + m$
$c^d \bmod n = m \bmod n = m$
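The identity derived above, checked exhaustively for a toy modulus, including the messages with gcd(m, n) ≠ 1 that the second derivation covers. This is an added example, not part of the original slides; the primes p = 61, q = 53 and the exponent e = 17 are constructed sample values, far too small for real use.

```python
from math import gcd

def keygen(p, q, e):
    """Return (n, phi, d, k) with e*d = k*phi(n) + 1, as used in the derivation."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # modular inverse of e mod phi(n)
    k = (e * d - 1) // phi
    return n, phi, d, k

def encrypt(m, e, n):
    if not 0 <= m < n:
        raise ValueError("the message must satisfy m < n")
    return pow(m, e, n)              # c = m^e mod n

def decrypt(c, d, n):
    return pow(c, d, n)              # c^d mod n

def check_all(p, q, e):
    """Decrypt every possible message; count the two cases of the proof separately."""
    n, phi, d, _ = keygen(p, q, e)
    coprime_ok = shared_factor_ok = 0
    failures = []
    for m in range(n):
        if decrypt(encrypt(m, e, n), d, n) != m:
            failures.append(m)
        elif gcd(m, n) == 1:
            coprime_ok += 1          # case covered by a^phi(n) mod n = 1
        else:
            shared_factor_ok += 1    # case p | m or q | m (includes m = 0)
    return coprime_ok, shared_factor_ok, failures

if __name__ == "__main__":
    print(keygen(61, 53, 17))
    print(check_all(61, 53, 17))
```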
[Figure: a hash function maps a message of arbitrary length to a fixed-length message digest / hash value / fingerprint.]
each item can take on one of n equally likely values}
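[Figure: iterated hash function. The input X is split into the blocks X1, X2, X3, …, XL of b bits each. The function f takes the n-bit chaining variable CVi-1 and the block Xi and outputs the n-bit CVi, starting from CV0 and continuing through CV1, CV2, CV3, …, CVL-1; the last output is h(X) (n bits).]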
A = 67 45 23 01
B = EF CD AB 89
C = 98 BA DC FE
D = 10 32 54 76
E = C3 D2 E1 F0
[Figure: padding. The last input block is filled up to 512 bits with 10000000 … 00000 followed by a 64-bit length field.]
[Figure: compression function. Inputs: CVi-1 (5 x 32 = 160 bits, held in the registers A, B, C, D, E) and Xi (512 bits). Four groups of 20 steps use f[0..19], K[0..19], W[0..19]; f[20..39], K[20..39], W[20..39]; f[40..59], K[40..59], W[40..59]; f[60..79], K[60..79], W[60..79]. The five resulting words are combined with CVi-1 by mod 2^32 additions to give CVi.]
[Figure: a single step on the registers A, B, C, D, E, combining f[t], LROT5, W[t], LROT30 and K[t] with mod 2^32 additions.]
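t = 0..19: $f[t](B, C, D) = (B \wedge C) \vee (\neg B \wedge D)$
t = 20..39: $f[t](B, C, D) = B \oplus C \oplus D$
t = 40..59: $f[t](B, C, D) = (B \wedge C) \vee (B \wedge D) \vee (C \wedge D)$
t = 60..79: $f[t](B, C, D) = B \oplus C \oplus D$

W[0..15] = Xi
t = 16..79: $W[t] = LROT_1(W[t-16] \oplus W[t-14] \oplus W[t-8] \oplus W[t-3])$

t = 0..19: K[t] = 5A 82 79 99 $= \lfloor 2^{30} \times 2^{1/2} \rfloor$
t = 20..39: K[t] = 6E D9 EB A1 $= \lfloor 2^{30} \times 3^{1/2} \rfloor$
t = 40..59: K[t] = 8F 1B BC DC $= \lfloor 2^{30} \times 5^{1/2} \rfloor$
t = 60..79: K[t] = CA 62 C1 D6 $= \lfloor 2^{30} \times 10^{1/2} \rfloor$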
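The initial values A to E, the functions f[t], the schedule W[t] and the constants K[t] listed above are those of SHA-1. The following added example (not part of the original slides) assembles them, together with the padding and the iterated structure, into a complete hash and compares the result with Python's `hashlib`; the function names are chosen here for illustration.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF                                  # all additions are mod 2^32
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)  # A..E = CV0
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)               # one per 20 steps

def lrot(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def f(t, b, c, d):
    if t < 20:
        return (b & c) | (~b & d)
    if 40 <= t < 60:
        return (b & c) | (b & d) | (c & d)
    return b ^ c ^ d                               # t = 20..39 and t = 60..79

def pad(msg):
    """Append 1000...0 and the 64-bit bit length so the total is a multiple of 512 bits."""
    bit_len = len(msg) * 8
    msg += b"\x80"
    msg += b"\x00" * (-(len(msg) + 8) % 64)
    return msg + struct.pack(">Q", bit_len)

def compress(cv, block):
    """CV_i from CV_(i-1) (five 32-bit words) and the 512-bit block X_i."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(lrot(w[t - 16] ^ w[t - 14] ^ w[t - 8] ^ w[t - 3], 1))
    a, b, c, d, e = cv
    for t in range(80):
        tmp = (lrot(a, 5) + f(t, b, c, d) + e + w[t] + K[t // 20]) & MASK
        a, b, c, d, e = tmp, a, lrot(b, 30), c, d
    return tuple((x + y) & MASK for x, y in zip(cv, (a, b, c, d, e)))

def sha1_hex(msg):
    cv = IV
    data = pad(msg)
    for i in range(0, len(data), 64):
        cv = compress(cv, data[i:i + 64])
    return struct.pack(">5I", *cv).hex()

if __name__ == "__main__":
    print(sha1_hex(b"abc"), hashlib.sha1(b"abc").hexdigest())
```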
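[Figure: encryption: each plaintext block P1, P2, …, PN is encrypted with E under K to give C1, C2, …, CN. Decryption: each ciphertext block is decrypted with D under K to give P1, P2, …, PN.]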
Protocol primitives
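[Figure: encryption: each plaintext block Pi (P1, P2, P3, …, PN) is added (+) to the previous ciphertext block Ci-1 (the IV for the first block) and encrypted with E under K to give Ci. Decryption: each Ci is decrypted with D under K and added (+) to Ci-1 (the IV for the first block) to give Pi.]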
[Figures (two diagrams with the same labels): an n-bit shift register, initialized with IV, is encrypted with E under K; s bits of the n-bit output are selected and added (+) to the s-bit Pi to give Ci. The receiving side performs the same operations and adds the selected s bits to Ci to recover Pi. The shift register is updated with s bits per step.]
[Figure: the n-bit value counter + i is encrypted with E under K and the n-bit result is added (+) to Pi to give Ci; the receiving side adds the same value to Ci to recover Pi.]
[Figure: digital envelope. The sender generates a random symmetric key (the bulk encryption key), encrypts the plaintext message with a symmetric-key cipher (in CBC mode) under that key, and encrypts the bulk encryption key with an asymmetric-key cipher under the public key of the receiver.]
$Y_1 = E_K(X_1)$
$Y_i = E_K(X_i + Y_{i-1})$
$MAC_K(X) = Y_{last}$

$MAC_K(X) = h(X | K)$

$MAC_K(X) = E_K(h(X))$

$HMAC_K(X) = h( (K^+ + opad) | h( (K^+ + ipad) | X ) )$
where
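The HMAC formula above, written out and compared with the standard library, as an added example that is not part of the original slides. The definitions that would follow "where" are not on the page; the ones used here are taken from RFC 2104 (K+ is the key zero-padded to the hash block size, ipad is the byte 0x36 repeated, opad is the byte 0x5C repeated, "+" is XOR and "|" is concatenation), and SHA-1 as h is an assumption.

```python
import hashlib
import hmac

def hmac_from_formula(key, msg, hash_name="sha1"):
    """h((K+ xor opad) | h((K+ xor ipad) | X)) with the RFC 2104 definitions."""
    def h(data):
        return hashlib.new(hash_name, data).digest()

    block_size = hashlib.new(hash_name).block_size   # b = 64 bytes for SHA-1
    if len(key) > block_size:
        key = h(key)                                 # long keys are hashed first
    k_plus = key.ljust(block_size, b"\x00")          # K+: key padded with zeros
    k_ipad = bytes(x ^ 0x36 for x in k_plus)
    k_opad = bytes(x ^ 0x5C for x in k_plus)
    return h(k_opad + h(k_ipad + msg))

def verify_tag(key, msg, tag, hash_name="sha1"):
    """Recompute the tag and compare in constant time, as a receiver should."""
    expected = hmac_from_formula(key, msg, hash_name)
    return hmac.compare_digest(expected, tag)

if __name__ == "__main__":
    key = b"constructed-sample-key"                  # constructed sample values
    msg = b"transfer 100 to account 42"
    tag = hmac_from_formula(key, msg)
    print(tag.hex())
    print(tag == hmac.new(key, msg, "sha1").digest())
    print(verify_tag(key, msg, tag), verify_tag(key, msg + b"0", tag))
```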
$s(m) = m^d \bmod n$
$s^e \bmod n = m$?
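[Figure: signature generation. The message is hashed with h and the hash is encrypted (enc) with the private key of the sender to give the signature.]
[Figure: signature verification. The signature is decrypted (dec) with the public key of the sender and compared with the hash of the message computed with h; the result is yes/no.]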
$s \equiv k^{-1}( h(m) - ar ) \pmod{p - 1}$
$ks \equiv h(m) - ar \pmod{p - 1}$
$h(m) \equiv ks + ar \pmod{p - 1}$
$g^{h(m)} \equiv g^{ar+ks} \equiv (g^a)^r (g^k)^s \equiv A^r r^s \pmod{p}$
thus, $v_1 = v_2$ is required
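The signing equation and the verification congruence above, as an added example that is not part of the original slides. It assumes r = g^k mod p and A = g^a mod p (as the last congruence implies), v1 = g^h(m) mod p and v2 = A^r r^s mod p; the toy parameters p = 467, g = 2, a = 127, k = 213 are constructed sample values, and SHA-256 reduced mod p - 1 stands in for h.

```python
import hashlib
from math import gcd

P, G = 467, 2            # constructed toy parameters, far too small for real use
A_PRIV = 127             # private key a
A_PUB = pow(G, A_PRIV, P)  # public key A = g^a mod p

def h(message, p=P):
    """h(m) as an integer mod p-1 (SHA-256 is an assumption; the slide only says h)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % (p - 1)

def sign(hm, a, k, p=P, g=G):
    """Return (r, s) with s = k^-1 (h(m) - a*r) mod (p-1); k must be fresh per signature."""
    if gcd(k, p - 1) != 1:
        raise ValueError("k must be invertible mod p-1")
    r = pow(g, k, p)
    s = (pow(k, -1, p - 1) * (hm - a * r)) % (p - 1)
    return r, s

def verify(hm, sig, pub, p=P, g=G):
    """Accept iff v1 = g^h(m) equals v2 = A^r * r^s (mod p)."""
    r, s = sig
    if not (0 < r < p and 0 <= s < p - 1):
        return False     # range check: out-of-range r or s is always rejected
    v1 = pow(g, hm, p)
    v2 = (pow(pub, r, p) * pow(r, s, p)) % p
    return v1 == v2

if __name__ == "__main__":
    hm = h(b"constructed sample message")
    sig = sign(hm, A_PRIV, 213)
    print(sig, verify(hm, sig, A_PUB))
```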
Key management
[Figure: two message sequence diagrams among A, S and B, the second with M (impersonating A and B). A generates Kab. Messages shown:]
A, { B, Kab, Ta }Kas
A, { B, Kab, Ts’ }Kas
B, { A, Kab, Ts }Kbs
{ A, Kab, Ts(n) }Kbs
{ A, Kab, Ts’’ }Kbs
{ B, Kab, Ts’ }Kas
{ A, Kab, Ts }Kbs
[Figure: message sequence diagram among A, S and B. S generates Kab. Messages shown:]
A, B, Na
{ Na, B, Kab, {Kab, A}Kbs }Kas
{ Kab, A }Kbs
{ Nb }Kab
{ Nb -1}Kab
[Figure: two message sequence diagrams, one between A and B and one among A, M and B. Messages shown:]
{ A, Na }Kb
{ Na, Nb }Ka
{ Nb }Kb
{ A, Na }Km
{ A, Na }Kb
{ Na, Nb }Ka
{ Na, Nb }Ka
{ Nb }Km
{ Nb }Kb
Initially known:
p large prime
g generator of $Z_p^*$

Alice: generate random number 0 < a < p-1 and calculate $A = g^a \bmod p$
Bob: generate random number 0 < b < p-1 and calculate $B = g^b \bmod p$
Exchanged values: A, B
Bob: calculate $K = A^b \bmod p = g^{ab} \bmod p$
Alice: calculate $K = B^a \bmod p = g^{ab} \bmod p$
[Figure: two message sequence diagrams, one between A and B and one among A, M and B. Messages shown:]
A, Ka
{ message }Ka
A, Ka
A, Km
{ message }Km
{ message }Ka
CA structures
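[Figure: chain of certificates with the labels CA1, CA2 and Bob, the keys $K_{CA0}$, $K_{CA1}$, $K_{CA2}$ and $K_{Bob}$, and the keys $K_{CA0}^{-1}$, $K_{CA1}^{-1}$ and $K_{CA2}^{-1}$.]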
[Figures (two diagrams with the same labels): CA structure with the nodes CA0, CA1, CA2, CA3, CA11, CA12, CA23, CA31, CA32 and the users Alice and Bob.]
[Figure: CA structure with the nodes CA1, CA2, CA3, CA11, CA12, CA31, CA32 and the users Alice and Bob.]