Applied Cryptography (Symmetric)

1. Applied Cryptography(Symmetric) Part I

2. Many savages at the present day regard their names as vital parts of themselves, and therefore take great pains to conceal their real names, lest these should give to evil-disposed persons a handle by which to injure their owners. —The Golden Bough, Sir James George Frazer

3. Symmetric Encryption • or conventional / private-key / single-key • sender and recipient share a common key • all classical encryption algorithms are private-key • was only type prior to invention of public-key in 1970’s • and by far most widely used

4. Some Basic Terminology • plaintext - original message • ciphertext - coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext • cryptography - study of encryption principles/methods • cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key • cryptology - field of both cryptography and cryptanalysis

5. Symmetric Cipher Model

6. Requirements • two requirements for secure use of symmetric encryption: • a strong encryption algorithm • a secret key known only to sender / receiver • mathematically have: Y = EK(X) X = DK(Y) • assume encryption algorithm is known • implies a secure channel to distribute key

7. Cryptography • Classify cryptographic system by: • type of encryption operations used • substitution / transposition / product • number of keys used • single-key or private / two-key or public • way in which plaintext is processed • block / stream

8. Cryptanalysis • objective to recover key not just message • general approaches: • cryptanalytic attack • brute-force attack

9. More Definitions • unconditional security • no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext • computational security • given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken

10. Brute Force Search • always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext

11. Modern Block Ciphers • now look at modern block ciphers • one of the most widely used types of cryptographic algorithms • provide secrecy /authentication services • focus on DES (Data Encryption Standard) • to illustrate block cipher design principles

12. Block vs Stream Ciphers • block ciphers process messages in blocks, each of which is then en/decrypted • like a substitution on very big characters • 64-bits or more • stream ciphers process messages a bit or byte at a time when en/decrypting • many current ciphers are block ciphers • broader range of applications

13. Block Cipher Principles • most symmetric block ciphers are based on a Feistel Cipher Structure • block ciphers look like an extremely large substitution • would need table of 264 entries for a 64-bit block • instead create from smaller building blocks • using idea of a product cipher

14. Ideal Block Cipher

15. Claude Shannon and Substitution-Permutation Ciphers • Claude Shannon introduced idea of substitution-permutation (S-P) networks in 1949 paper • form basis of modern block ciphers • S-P nets are based on the two primitive cryptographic operations seen before: • substitution (S-box) • permutation (P-box) • provide confusion & diffusion of message & key

16. Confusion and Diffusion • cipher needs to completely obscure statistical properties of original message • a one-time pad does this • more practically Shannon suggested combining S & P elements to obtain: • diffusion– dissipates statistical structure of plaintext over bulk of ciphertext • confusion – makes relationship between ciphertext and key as complex as possible

17. Feistel Cipher Structure • Horst Feistel devised the feistel cipher • based on concept of invertible product cipher • partitions input block into two halves • process through multiple rounds which • perform a substitution on left data half • based on round function of right half & subkey • then have permutation swapping halves • implements Shannon’s S-P net concept

18. Feistel Cipher Structure

19. Feistel Cipher Design Elements • block size • key size • number of rounds • subkey generation algorithm • round function • fast software en/decryption • ease of analysis

20. Feistel Cipher Decryption

21. Data Encryption Standard (DES) • most widely used block cipher in world • adopted in 1977 by NIST • as FIPS PUB 46 • encrypts 64-bit data using 56-bit key • has widespread use • has been considerable controversy over its security

22. DES Encryption Overview

23. DES Round Structure • uses two 32-bit L & R halves • as for any Feistel cipher can describe as: Li= Ri–1 Ri= Li–1F(Ri–1, Ki) • Function F takes 32-bit R half and 48-bit subkey: • expands R to 48-bits using permutation E • adds to subkey using XOR • passes through 8 S-boxes to get 32-bit result • finally permutes using 32-bit perm P

24. DES Round Structure

25. Substitution Boxes S • have eight S-boxes which map 6 to 4 bits • each S-box is actually 4 little 4 bit boxes • outer bits 1 & 6 (row bits) select one row of 4 • inner bits 2-5 (col bits) are substituted • result is 8 groups of 4 bits, or 32 bits • row selection depends on both data & key • feature known as autoclaving (autokeying) • example: • S(18 09 12 3d 11 17 38 39) = 5fd25e03 s1

26. DES Key Schedule • forms subkeys used in each round • initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves • 16 stages consisting of: • rotating each half separately either 1 or 2 places depending on the key rotation schedule K • selecting 24-bits from each half & permuting them by PC2 for use in round function F • note practical use issues in h/w vs s/w

27. Avalanche Effect • key desirable property of encryption algorithms • where a change of one input or key bit results in changing approx half output bits • making attempts to “home-in” by guessing keys impossible • DES exhibits strong avalanche

28. Stream Ciphers • process message bit by bit (as a stream) • have a pseudo random keystream • combined (XOR) with plaintext bit by bit • randomness of stream key completely destroys statistically properties in message • Ci = Mi XOR StreamKeyi • but must never reuse stream key • otherwise can recover messages (cf book cipher)

29. Stream Cipher Structure

30. Stream Cipher Properties • some design considerations are: • long period with no repetitions • statistically random • depends on large enough key • large linear complexity • properly designed, can be as secure as a block cipher with same size key • but usually simpler & faster

31. RC4 • a proprietary cipher owned by RSA DSI • another Ron Rivest design, simple but effective • variable key size, byte-orientedstream cipher • widely used (web SSL/TLS, wireless WEP) • key forms random permutation of all 8-bit values • uses that permutation to scramble input info processed a byte at a time

32. RC4 Encryption • encryption continues shuffling array values • sum of shuffled pair selects "stream key" value from permutation • XOR S[t] with next byte of message to en/decrypt i = j = 0 for each message byte Mi i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(S[i], S[j]) t = (S[i] + S[j]) (mod 256) Ci = Mi XOR S[t]

33. RC4 Overview

34. RC4 Security • claimed secure against known attacks • have some analyses, none practical • result is very non-linear • since RC4 is a stream cipher, must never reuse a key • have a concern with WEP, but due to key handling rather than RC4 itself