“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” —

Gene Spafford

[Prof. Comp. Sc., Purdue University, USA]

NETWORK SECURITY

RC6 AS AES

Ronald L. Rivest

M.J.B. Robshaw

Yiqun Lisa Yin

Ray Sidney

Presented by

HARISH KUMAR LOHAR

2005H103020

Outline
  • What is AES
  • Candidates for AES
  • Design Issues
  • RC6 – Introduction
  • RC6 – Detail
  • Performance
  • Security
  • Comparison with RIJNDAEL
  • Conclusion

What is AES?
  • The AES was issued as FIPS PUB 197 by NIST. The AES algorithm was selected in October 2001 and the standard was published in November 2002.
  • NIST's intent was to have a cipher that will remain secure well into the next century.
  • AES supports key sizes of 128 bits, 192 bits, and 256 bits, in contrast to the 56-bit keys offered by DES.

Candidates for AES
  • MARS
        • IBM; key size 448 bits; 16 rounds; integer addition and bitwise XOR.
  • RC6
        • RSA Laboratories.
  • SERPENT
        • Ross Anderson [UK], Eli Biham [Israel], Lars Knudsen [Norway]; 32 rounds; S-boxes same as DES.
  • TWOFISH
        • Submitted by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson (United States); Blowfish, Feistel network, complex and difficult to analyze.
  • RIJNDAEL
        • Joan Daemen and Vincent Rijmen (Belgium)
        • Fast, simple, secure, versatile
        • Rijndael is unconventional in that its blocks are matrices of elements i.
        • The 128-bit version has 10 rounds. In each round the individual bytes are transformed, the rows are rotated, the columns are multiplied by a constant matrix, and the resulting array is XORed with a round key.

Design Issues
  • Security, simplicity, versatility.
  • Use data-dependent rotations to achieve a high level of security.
  • Adapt RC5 to meet AES requirements.
  • Take advantage of a new primitive for increased security and efficiency.
  • 32x32 multiplication, which executes quickly on modern processors, to compute rotation amounts.

RC6 - Introduction
  • RSA Laboratories (United States).
  • RC6 is a parameterized, fast and simple algorithm based on the well-trusted RC5 cipher.
  • Submission consists of 20 rounds.
  • Uses 32-bit variable rotations and integer multiplications.
  • Uses four 32-bit registers.
  • RC6-w/r/b [w – word size, r – rounds, b – key size in bytes]
  • Operations
        • a + b: integer addition modulo 2^w
        • a - b: integer subtraction modulo 2^w
        • a xor b: bitwise exclusive-or of w-bit words
        • a x b: integer multiplication modulo 2^w
        • a<<<b: rotate the w-bit word a to the left by the amount given by the least significant lg w bits of b
        • a>>>b: rotate the w-bit word a to the right by the amount given by the least significant lg w bits of b


Key Schedule

Input:
    User-supplied b-byte key preloaded into the c-word array L[0, ..., c - 1]
    Number r of rounds

Output:
    w-bit round keys S[0, ..., 2r + 3]

Procedure:
    S[0] = Pw
    for i = 1 to 2r + 3 do
        S[i] = S[i - 1] + Qw
    A = B = i = j = 0
    v = 3 x max{c, 2r + 4}
    for s = 1 to v do
    {
        A = S[i] = (S[i] + A + B)<<<3
        B = L[j] = (L[j] + A + B)<<<(A + B)
        i = (i + 1) mod (2r + 4)
        j = (j + 1) mod c
    }

P32 = B7E15163 and Q32 = 9E3779B9 (hexadecimal)


Encryption

Input:
    Plaintext stored in four w-bit input registers A, B, C, D
    Number r of rounds
    w-bit round keys S[0, ..., 2r + 3]

Output:
    Ciphertext stored in A, B, C, D

Procedure:
    B = B + S[0]
    D = D + S[1]
    for i = 1 to r do
    {
        t = (B x (2B + 1))<<<lg w
        u = (D x (2D + 1))<<<lg w
        A = ((A xor t)<<<u) + S[2i]
        C = ((C xor u)<<<t) + S[2i + 1]
        (A, B, C, D) = (B, C, D, A)
    }
    A = A + S[2r + 2]
    C = C + S[2r + 3]


Decryption

Input:
    Ciphertext stored in four w-bit input registers A, B, C, D
    Number r of rounds
    w-bit round keys S[0, ..., 2r + 3]

Output:
    Plaintext stored in A, B, C, D

Procedure:
    C = C - S[2r + 3]
    A = A - S[2r + 2]
    for i = r downto 1 do
    {
        (A, B, C, D) = (D, A, B, C)
        u = (D x (2D + 1))<<<lg w
        t = (B x (2B + 1))<<<lg w
        C = ((C - S[2i + 1])>>>t) xor u
        A = ((A - S[2i])>>>u) xor t
    }
    D = D - S[1]
    B = B - S[0]

RC6 Round

Security

  • Exhaustive search – 2^(8b) to 2^1408
  • Meet-in-the-middle attack – 2^704
  • Chances that two 256-bit keys will yield the same key array: 2^(2x256 - 44x32) = 2^(-896) = 10^(-270)
  • No timing attacks since rotations are data-dependent
  • No known weak keys.
  • No known related-key attacks.
  • Round keys appear to be a “random” function of the supplied key.
  • Bonus: key expansion is quite “one-way”- difficult to infer supplied key from round keys.

Performance
  • CPU cycles/operation [200 MHz processor]

                  Java      Borland C   Assembly
    Key Setup     110000    2300        1108
    Encryption    16200     616         254
    Decryption    16500     566         254

  • Encryption rate [Megabits/sec]

                  Java      Borland C   Assembly
    Encryption    1.57      41.5        100.8
    Decryption    1.55      45.2        100.8

  • On 8-bit processor
        • Intel MCS51 (1 MHz clock)
        • Encrypt/decrypt at 9.2 Kbits/second (13535 cycles/block)
        • Key setup in 27 milliseconds
        • Only 176 bytes needed for table of round keys.
        • Fits on smart card (< 256 bytes RAM).

RC6 – why not chosen?
  • On 8-bit processors, RC6 does not generally perform as well as some of the other AES finalists.
  • The ultra-secure key schedule had an impact on the key agility of the cipher.
  • The key schedule and the use of multiplication added some complexity to hardware implementations and impacted hardware performance.
  • The performance profile of RC6 on 64-bit machines was volatile. On some processors, RC6 easily out-performed all other finalists. Yet, on Intel’s IA-64 architecture, surprisingly poor support for multiplication meant that the performance of RC6 was hindered.

RC6 Vs RIJNDAEL
  • RIJNDAEL WINS:
      • 8 bit platforms
      • hardware implementations ..[but ASIC]
  • CLOSE FIGHT:
      • DSP
      • FPGAs
  • RC6 WINS:
      • ARMs,PENTIUM II,PRO,III AND POWER PC
      • ADVANCE PROCESSOR
      • JAVA PLATFORM
      • CODE SIZE AND MEMORY REQUIREMENTS

“RC6 was beyond a doubt the easiest candidate to implement on a 32 bits machine, as is illustrated by its incredibly short code. On a speed point of view, RC6 is impressive too.”

– Hachez, Koeune, and Quisquater

AES Submission Panel

From left to right: Ross Anderson, Ron Rivest, Vincent Rijmen, Bruce Schneier, and Shai Halevi

Source: http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/submitters1.jpg

Conclusion
  • SIMPLE
  • SECURE
  • FAST
  • COMPACT
  • FUTURE

“ IMPOSSIBLE IS SOMETHING UNTRIED”

Glossary
  • NIST – National Institute of Standards and Technology.
  • AES – Advanced Encryption Standard.
  • RC – Rivest Cipher or Ron’s Code
  • FIPS – Federal Information Processing Standards

REFERENCES
  • AES candidates: http://www.rsasecurity.com/rsalabs/node.asp?id=2236
  • AES III [April 13-14, 2000] conference link: http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/aes3conf.htm
  • The Effects of Multiple Algorithms in the Advanced Encryption Standard: http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/papers/06-iharvey.pdf
  • R.L. Rivest, M.J.B. Robshaw, R. Sidney, and Y.L. Yin. The RC6 Block Cipher. v1.1, August 20, 1998. Available from www.rsasecurity.com/rsalabs/aes/
  • Don B. Johnson (djohnson@certicom.com). AES and Future Resiliency: More Thoughts And Questions. March 10, 2000.
  • Erica Mang. CRIPTOR1.0. VLSI Implementation of the RC6 Block Cipher. Computers Department, University of Oradea, 5 Armatei Romane Str., 3700, Oradea, Romania.


QUERIES?

THANKS TO ALL OF YOU FOR LISTENING SO ATTENTIVELY AND PATIENTLY……………
