1 / 53

Additional Notes to explain DES and AES

Additional Notes to explain DES and AES. Textbook: Fundamentals of Secure Computer Systems , Brett C. Tjaden, Franklin, Beedle & Associates, 2004, ISBN: 1-887902-66-X. This is a very readable and inexpensive book. Overview. Modern symmetric-key cryptosystems Data Encryption Standard (DES)

nevin
Download Presentation

Additional Notes to explain DES and AES

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Additional Notes to explain DES and AES • Textbook: Fundamentals of Secure Computer Systems, Brett C. Tjaden, Franklin, Beedle & Associates, 2004, ISBN: 1-887902-66-X. • This is a very readable and inexpensive book.

  2. Overview • Modern symmetric-key cryptosystems • Data Encryption Standard (DES) • Adopted in 1976 • Block size = 64 bits • Key length = 56 bits • Advanced Encryption Standard (AES) • Adopted in 2000 • Block sizes = 128, 192, or 256 bits • Key lengths = 128, 192, or 256 bits

  3. DES - History • 1973: NBS (now NIST)solicits proposals for crypto algorithm which: • Provides a high level of security • Completely specified and easy to understand • Is available royalty-free • Is efficient

  4. DES – History (cont) • 1974 • IBM submits variant of Lucifer algorithm • NBS asks NSA for comments on the algorithm • NSA likes the algorithm with modifications • Key size reduced from 128 to 56 bits • Minor changes in details of the algorithm • 1976 • DES approved (unclassified communications) • To be reviewed every five years • 1983: NBS recertifies DES • 1987: NBS recertifies DES • 1988: NBS becomes NIST • 1993: NIST recertifies DES • 1998: NIST begins AES competition

  5. DES - Overview • Adopted as U.S. government standard in 1976 • Block cipher, symmetric key • 64-bit block size, 56-bit key • Simple algorithm Chapter 3  Symmetric Key Cryptosystems 5

  6. DES - Keys • Any 56-bit string can be a DES key • There are 256 keys • 72,057,594,037,927,936 DES keys • Test one trillion keys per second • 2 hours to find the key • A very small number of “weak keys” Chapter 3  Symmetric Key Cryptosystems 6

  7. DES – The Algorithm • To encrypt a 64-bit plaintext block • An initial permutation • 16 roundsof substitution, transposition • 48-bit subkey added to each round, • Subkeys derived from 56-bit DES key • Final permutation Chapter 3  Symmetric Key Cryptosystems 7

  8. DES – Algorithm Overview Chapter 3  Symmetric Key Cryptosystems 8

  9. DES Initial Permutation • Permutes 64 bits of the plaintext • 58th bit is moved to position 1 • 50th bit is moved to position 2 …. • 7th bit is moved to position 64 Chapter 3  Symmetric Key Cryptosystems 9

  10. DES Initial Perm Example Chapter 3  Symmetric Key Cryptosystems 10

  11. DES – Subkey Generation • DES key: 64-bits (eight parity bits) • A 56-bit DES key • 11010001101010101000101011101010101000100011010101010101 • The 64-bit representation • 1101000111010100101000110101110010101010000100011101010010101010 • Sixteen 48-bit subkeys generated from 64-bit DES key (one for each round) Chapter 3  Symmetric Key Cryptosystems 11

  12. DES – Subkey (cont) • 64-bit DES key • 1101000111010100101000110101110010101010000100011101010010101010 • A key permutation removes eight parity bits and • The 57th bit is moved to position 1 • The 49th bit is moved to position 2 … • The 4th bit is moved to position 56 Chapter 3  Symmetric Key Cryptosystems 12

  13. DES Key Perm Example • 64-bit “key” to 56-bit DES key

  14. DES – Subkey Gen (cont) • 56 key bits (after permutation) divided into two 28-bit halves • Each half circularly shifted left by one bit (rounds 1,2,9 and 16) or 2 bits (all other rounds) • Halves recombined into 56 bit string

  15. DES – Compression Perm • Compression permutation selects 48 bits • 14th bit goes to output 1 • 17th bit goes to output 2 …. • 32nd bit goes to output 48

  16. DES Compression Perm Example

  17. DES Round 1 Subkey Chapter 3  Symmetric Key Cryptosystems 17

  18. DES - Subkey Overview

  19. DES – Rounds • Each of 16 rounds takes 64-bit block of input to 64-bit block of output • The output from initial perm is input to round one • Round one output is input to round two • Round two output is input to round three  • Round 16 output is ciphertext Chapter 3  Symmetric Key Cryptosystems 19

  20. Input block (64) L1 (32) L2 (32) R1 (32) R2 (32) Output block (64) EP XOR P-box S-box Subkey1 XOR DES – Round 1 Chapter 3  Symmetric Key Cryptosystems 20

  21. DES Rounds • 64-bit input divided into two 32-bit halves • Right half sent through expansion perm which produces 48 bits by • Rearranging the input bits • Repeating some input bits more than once Chapter 3  Symmetric Key Cryptosystems 21

  22. DES – Expansion Permutation Chapter 3  Symmetric Key Cryptosystems 22

  23. DES – XOR Operation • XOR is applied to the 48-bit output of expansion perm and subkey • The resulting 48-bits go to S-boxes Chapter 3  Symmetric Key Cryptosystems 23

  24. DES – S-boxes • S-boxes perform substitution • 8 different S-boxes • Each S-box maps 6 bits to 4 bits • Bits 1-6 are input to S-box 1 • Bits 7-12 are input to S-box 2, etc. Chapter 3  Symmetric Key Cryptosystems 24

  25. DES – Inside an S-box • Each S-box has 4 rows, 16 columns • S-box 1 • First and last input bits specify the row • Middle four input bits specify the column Chapter 3  Symmetric Key Cryptosystems 25

  26. DES – Inside S-box (cont) • S-box entry is the four-bit output • Examples with S-box 1 • 011010  row 0, column 13  9 = 1001 (output) • 110010  row 2, column 9  12 = 1100 (output) • 000011  row 1, column 1  15 = 1111 (output) Chapter 3  Symmetric Key Cryptosystems 26

  27. DES – S-boxes Chapter 3  Symmetric Key Cryptosystems 27

  28. DES – S-boxes Example Chapter 3  Symmetric Key Cryptosystems 28

  29. DES – P-box • 32-bit output of S-boxes goes to P-box • P-box permutes the bits • The first bit is moved to position 16 • The second bit is moved to position 7 • The third bit is moved to position 20 : • The thirty-second bit is moved into position 25 Chapter 3  Symmetric Key Cryptosystems 29

  30. DES – P-box Example Chapter 3  Symmetric Key Cryptosystems 30

  31. DES – Second XOR Operation • Output of P-box is XORed with the left half of 64-bit input block • 32-bit output of the XOR operation: • 01101111011011000110111010010010 Chapter 3  Symmetric Key Cryptosystems 31

  32. DES – Rounds • 64-bit output from round 1 is input for round 2 • Output from round 2 is input for round 3 : • Output from round 16 is passed through a final permutation Chapter 3  Symmetric Key Cryptosystems 32

  33. DES – Final Perm • Final permutation is inverse of initial perm • 40th bit is moved into the 1st position • 8th bit is moved into the 2nd position : • 25th bit is moved into the 64th position • Output of final permutation is ciphertext Chapter 3  Symmetric Key Cryptosystems 33

  34. DES – Encryption Overview

  35. DES - Decryption • Same algorithm and key as encryption • Subkeys are applied in opposite order • Subkey 16 used in first round • Subkey 15 used in second round : • Subkey 1 used in 16th round Chapter 3  Symmetric Key Cryptosystems 35

  36. DES - Summary • DES still widely used • 56-bit key • 1998, EFF built $220,000 DES cracker, requires about 4 days/key • DES also important historically • Late 90’s AES competition produced several strong crypto algorithms Chapter 3  Symmetric Key Cryptosystems 36

  37. AES - History • 1997: NIST requests proposals for a new Advanced Encryption Standard (AES) to replace DES • NIST required that the algorithm be: • A symmetric-key cryptosystem • A block cipher • Capable of supporting a block size of 128 bits • Capable of supporting key lengths of 128, 192, and 256 bits • Available on a worldwide, non-exclusive, royalty-free basis • Evaluation criteria: • Security - soundness of the mathematical basis and the results of analysis by the research community • Computational efficiency, memory requirements, flexibility, and simplicity Chapter 3  Symmetric Key Cryptosystems 37

  38. AES – Round 1 of the Competition • NIST selects 15 submissions for evaluation: • CAST-256 (Entrust Technologies, Inc.) • Crypton (Future Systems, Inc.) • DEAL (Richard Outerbridge, Lars Knudsen) • DFC (Centre National pour la Recherche Scientifique—Ecole Normale Superieure) • E2 (Nippon Telegraph and Telephone Corporation) • Frog (TecApro Internacional S.A.) • HPC (Rich Schroeppel) • Loki97 (Lawrie Brown, Josef Pieprzyk, Jennifer Seberry) • Magenta (Deutsche Telekom AG) • MARS (IBM) • RC6 (RSA Laboratories) • Rijndael (Joan Daemen, Vincent Rijmen) • SAFER+ (Cylink Corporation) • Serpent (Ross Anderson, Eli Biham, Lars Knudsen) • Twofish (Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson) Chapter 3  Symmetric Key Cryptosystems 38

  39. AES – Round 1 Results • After eight months of analysis and public comment, NIST: • Eliminated DEAL, Frog, HPC, Loki97, and Magenta • Had what NIST considered major security flaws • Were among the slowest algorithms submitted • Eliminated Crypton, DFC, E2, and SAFER+ • Had what NIST considered minor security flaws • Had unimpressive characteristics on the other evaluation criteria • Eliminated CAST-256 • Had mediocre speed and large ROM requirements • Five candidates, MARS, RC6, Rijndael, Serpent, and Twofish, advanced to the second round Chapter 3  Symmetric Key Cryptosystems 39

  40. AES – Results • Analysis and public comment on the five finalists • October 2000: NIST: • Eliminates MARS • High security margin • Eliminates RC6 • Adequate security margin, fast encryption and decryption on 32-bit platforms • Eliminates Serpent • High security margin • Eliminates Twofish • High security margin • Selects Rijndael • Adequate security margin, fast encryption, decryption, and key setup speeds, low RAM and ROM requirements Chapter 3  Symmetric Key Cryptosystems 40

  41. AES – Rijndael Algorithm • Symmetric-key block cipher • Block sizes are 128, 192, or 256 bits • Key lengths are 128, 192, or 256 bits • Performs several rounds of operations to transform each block of plaintext into a block of ciphertext • The number of rounds depends on the block size and the length of the key: • Nine regular rounds if both the block and key are 128 bits • Eleven regular rounds if either the block or key are 192 bits • Thirteen regular rounds if either the block or key is 256 bits • One, slightly different, final round is performed after the regular rounds Chapter 3  Symmetric Key Cryptosystems 41

  42. AES – Rijndael Algorithm (cont) • For a 128-bit block of plaintext and a 128-bit key the algorithm performs: • An initial AddRoundKey (ARK) operation • Nine regular rounds composed of four operations: • ByteSub (BSB) • ShiftRow (SR) • MixColumn (MC) • AddRoundKey (ARK) • One final (reduced) round composed of three operations: • ByteSub (BSB) • ShiftRow (SR) • AddRoundKey (ARK) Chapter 3  Symmetric Key Cryptosystems 42

  43. AES – Rijndael Overview

  44. AES – Rijndael Keys • Keys are expressed as 128-bit (or bigger) quantities • Keyspace contains at least 2128 elements: • 340,282,366,920,938,463,463,374,607,431,768,211,456 • Exhaustive search at one trillion keys per second takes: • 1x1019 years (the universe is thought to be about 1x1010 years old)

  45. AES – Rijndael Keys (cont) • Blocks and keys are represented as a two-dimensional array of bytes with four rows and four columns: • Block = 128 bits = 16 bytes = b0, b1, . . ., b15 • Key = 128 bits = 16 bytes = k0, k1, . . ., k15

  46. AES - The ByteSub Operation • An S-box is applied to each of the 16 input bytes independently • Each byte is replaced by the output of the S-box:

  47. AES – The Rijndael S-box

  48. AES – The Rijndael S-box (cont) • The input to the S-box is one byte: • Example 1: • b0 = 01101011 (binary) = 6b (hex) • b’0 = row 6, column b = 7f (hex) = 01111111 (binary) • Example 2: • b1 = 00001000 (binary) = 08 (hex) • b’1 = row 0, column 8 = 30 (hex) = 00110000 (binary) • Example 3: • b2 = 11111001 (binary) = f9 (hex) • b’2 = row f, column 9 = 99 (hex) = 10011001 (binary) Chapter 3  Symmetric Key Cryptosystems 48

  49. AES - ShiftRow Operation • Each row of the input is circularly left shifted: • First row by zero places • Second row by one place • Third row by two places • Fourth row by three places Chapter 3  Symmetric Key Cryptosystems 49

  50. AES - The MixColumn Operation • The four bytes in each input column are replaced with four new bytes: Chapter 3  Symmetric Key Cryptosystems 50

More Related