1 / 13

Lecture 3: Secret Key Cryptography

Lecture 3: Secret Key Cryptography. Outline concepts DES IDEA AES. Glossary. plaintext – message in its original form ciphertext – encrypted message encryption – process of producing ciphertext from plaintext decryption – reverse process

lesley-zimmerman
Download Presentation

Lecture 3: Secret Key Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 3: Secret Key Cryptography Outline • concepts • DES • IDEA • AES

  2. Glossary • plaintext – message in its original form • ciphertext – encrypted message • encryption – process of producing ciphertext from plaintext • decryption – reverse process • breaking encryption scheme – discovering plaintext that matches ciphertext • cryptoanalyst, attacker, intruder, bad guy – an entity trying to break encryption

  3. Concepts • block cipher – encrypts blocks of data (say 64), essentially substituting 64 bit-data block by 64-bit encrypted block • we can specify cipher by stating the complete data->encryption, is it possible? • can two data blocks map to the same encrypted block? • can we map a data block to a smaller (larger) encrypted block? • two basic operations for k-bit blocks • substitution – for each 2k inputs specify output, impractical for large k • permutation – for each bit specifies the output position it gets • block encryption usually contains multiple rounds of substituitions and premutations

  4.  (Exclusive-OR) • Bitwise operation with two inputs where the output bit is 1 if exactly one of the two input bits is one • (B  A)  A) = B • If A is a “one time pad”, very efficient and secure • Common encryption schemes (e.g. RC4) calculate a pseudo-random stream from a key

  5. DES Intro • DES – Data Encryption Standard • published in 1977 by National Bureau of Standards (now NIST) with input from NSA • based on IBM Lucifer cipher • encodes 64-bit blocks • uses 56-bit key • key consists of 8 octets, where 7 bits are useful and 8th is parity • efficient to implement in hardware, but slow in software • the adoption of DES was done without public scrutiny • some operations are suspect

  6. DES Basic Structure • encryption • 64 bit data block is permuted (initial permutation) • from 56-bit key – generate sixteen 48-bit round keys • 16 rounds: at each round take 64-bit data from previous round and 48-bit key and produce data for the next round • final permutation (inverse of initial permutation) • decryption • do initial permutation (to undo final) • run 16 rounds “in reverse” (more later) • do final permutation • security value of initial/final permutations is suspect

  7. DES Round Key Generation • 56-bit key is divided into two 28-bit halves: C0 and D0 • initial permutation of both parts (security value suspect) • 16 rounds • in each round the bits Ci-1 and Di-1 are rotated (to produce Ciand Di) then permuted (this permutation may be of security value) and some bits dropped to produce two 24-bit halves of Ki

  8. DES Round • 64-bit input is divided into 32-bit halves Lnand Rn • observe that due to properties of  decoding can be done even if the mangler function is not reversible encoding decoding

  9. DES Mangler Function • takes 32-bit Rn and 48-bit Kn and produces a 32-bit Rn+1 • operation • 32-bit Rn is expanded to 48 bits – each 4-bits are expanded to 6 bits by duplicating adjacent bits • each 6 bits or Rn are XOR-ed with corresponding 6 bits of Kn and fed into S-Box (1 through 8) each S-box is different • S-Box is a (completely defined) substitution that accepts 6 bits and produces 4 bits (mapping is not unique) • the output 32 bits are then permuted to produce Rn+1the idea of the permutation is so that the output of one S-Box affexts the input of multiple S-Boxes in the next round

  10. DES Weak Keys • there are sixteen DES keys that are suspect • 4 weak keys: • C0 and D0 are either all 0s or all 1s - thekeys are their own inverses (encrypting with the key is the same as decrypting with it) • semi-weak: • either all 0s and all 1s or alternating 0s and 1s

  11. Why is DES the Way it Is? • operations in DES appear simple and arbitrary • things are however mysterious • if S-Boxes 3 and 7 are swapped, DES is an order of magnitude less secure • DES design process was not public, so it is not clear how the details were chosen • if they leave some hidden weakness? • possibility • DES was designed to be strong against specific attacks the designers knew about but did not publish (not to educate the bad guys) • are the other standards vulnerable to these attacks?

  12. IDEA • IDEA = international data encryption standard • devloped by Lai and Massey, 1992 • 64-bit block size, 128-bit key • similar to DES in the sense – operates in rounds, complicated one-way mangler function • 8.5 rounds of: : bitwise XOR +: addition mod 216 : multplication mod 216 + 1 • decryption: same as encryption, with inverse keys • very secure, a bit slow (about the same as DES)

  13. AES AES = Advanced Encryption Standard • public design process: • NIST’s request for proposals (1997) • Winner: Rijndael (2000) • Rijndael • 128, 192, or 256-bit block size, 128, 192, or 256-bit key. • algebraically designed s-boxes, input is divided into octets • 10-14 rounds of: • Byte substitution in every octet using s-box • shifting (rotating) rows • MixColumn – spread octets according specified MicColumn table • XOR with a RoundKey • Decryption is by design similar to encryption

More Related