1 / 29

Encryption Schemes

Encryption Schemes. Second Pass Brice Toth 21 November 2001. Introduction. Background Info Stream Ciphers Private-key Methods Public-key Methods Block Ciphers Types of Attacks. Constructions of Secure Encryption Schemes. Key ideas:

zorina
Download Presentation

Encryption Schemes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Encryption Schemes Second Pass Brice Toth 21 November 2001

  2. Introduction • Background Info • Stream Ciphers • Private-key Methods • Public-key Methods • Block Ciphers • Types of Attacks

  3. Constructions of Secure Encryption Schemes • Key ideas: • Using any pseudorandom function, one can construct secure private-key encryption schemes • Using any trapdoor one-way permutation, one can construct secure public-key encryption schemes • Secure schemes must employ a probabilistic (randomized) encryption algorithm so that one cannot distinguish two encryptions of the same message

  4. Stream Ciphers • Typically there are less Stream Ciphers in use than Block Ciphers • Difficult to use correctly • Basis: • Pseudorandom Generators • Keys • States • XOR

  5. Stream Ciphers • Basic Construction: • Key-generation/Initial State • Uniformly select R (random number) and generate key pair (r,r) and set initial state to t=0 • Encrypting Plaintext • Encrypt plaintext x with key r and state t such that l=|x| and p is the l-bit suffix of the encryption algorithm with input r and 1^(t+l) so that ciphertext is x Å p, and new state is t+l • Decrypting Ciphertext • Decrypt ciphertext y with key r and state t such that l=|y| and p is the l-bit suffix again so that the plaintext is yÅ p

  6. Stream Ciphers • Why are they so hard to use? • Must never reuse a key • If key is reused, same stream of output generated • Must keep track of states • Must always depend on other things: • Some way to agree on keys • Authentication • Synchronization

  7. Stream Ciphers • Some examples: • A5 • RC4 • SOBER • WAKE • SEAL • Panama

  8. Private-key Methods • Basic Construction: • Block Cipher with length n for message x • Generate key by selecting seed s and applying function fs • Encryption algorithm selects a uniform string r and produces ciphertext (r,xÅfs(r)) • Decrypt ciphertext (r,y) using key s by computing yÅfs(r)

  9. Public-key Methods • Basic Construction: • Key generation selects a random permutation p from a collection of trapdoor permutations, along with a trapdoor t(p serves as the public-key and t serves as the private-key) • When encrypting a bit b, the encryption algorithm randomly selects an element r in the domain of p and produces ciphertext (p(r),bÅr)

  10. Public-key Methods • Decrypting occurs by taking ciphertext (y, s) and computing the inverse using t or sÅr(p-1(y)) • The security of the scheme follows from the one-way feature of the collection p

  11. Block Ciphers • Basis: • Take blocks of input and encrypt entire block • Reusable keys • Different modes • Keep in mind potential problem areas: • Block padding • Initialization vectors • Codebook attacks, use the right modes

  12. Block Ciphers • Modes of Operation: • Different characteristics • Error propagation • Resynchronization • Block resolution • Efficiency • Increase in data size • 4 Modes defined in Federal Information Processing Standards

  13. Block Ciphers • Electronic Code Book – separately encrypt each block, patterns recognizable, “codebook” can be built up • Cipher Block Chaining – XOR plaintext with previous ciphertext block, then encrypt, use initialization vector for first block, makes identical inputs look different

  14. Block Ciphers • Ciphertext Feedback – take previous ciphertext, encrypt, then XOR with plaintext • Output Feedback – encrypt previous output, then XOR with plaintext to get ciphertext, uses counters to determine where to take from output

  15. Block Ciphers • Basic Construction: • Generate key pair • Encrypt plaintext • Break message into consecutive blocks of length l (possibly have to augment the last block with some padding) • Encrypt each block with encryption key r • Decrypt ciphertext • Decrypt each block with decryption key d and concatenate blocks less padding to get plaintext

  16. Block Ciphers • The Basic Construction results in ciphertexts that reveal the exact length of the original plaintext • This is acceptable and completely hiding the length is futile • Encryption schemes that hide some information about the length of the plaintext can easily be constructed

  17. Block Ciphers • Some examples: • DES • Blowfish • IDEA • SAFER • CAST • AES (Rijndael)

  18. Block Ciphers - AES • Advanced Encryption Standard • National Institute of Standards and Technology search for standard replacement for DES • Requirements: • 128 bit blocksize • 128, 192, 256 bit keys • Finalists announced in August 1999

  19. Block Ciphers - AES • Serpent • Rijndael • Twofish • Mars • RC6 • Winner: Rijndael

  20. Block Ciphers - AES • Joan Daemen and Vincent Rijmen (Belgium) • Based on an algorithm called Square • Supports keys which are multiples of 32 bits and block sizes which are multiples of 64 bits • Number of rounds changes based on key size • Generally faster than the other candidates

  21. Block Ciphers - AES • Key Schedule for Rijndael: • Expand cipher key (varies depending on key length, uses linear recurrence relations) • Round keys are taken from the expanded cipher key • Round keys are then rotated, passed through the S-box, and XOR’d with a round dependent constant (constants based on similar computation to S-box)

  22. Block Ciphers - AES • Variable rounds: • 9 if both block and key are 128 bits • 11 if either block or key is 192 bits and neither are longer than that • 13 if either block or key is 256 bits • etc

  23. Block Ciphers - AES • Using Rijndael: • Perform Add Round Key Step (XOR a subkey with the block) • Perform rounds: • Byte Sub (each byte of the block is replaced by its substitute from an S-box) • Shift Row • Bytes are arranged in a rectangle and shifted, ex. from to 1 5 9 13 1 5 9 13 2 6 10 14 6 10 14 2 3 7 11 15 11 15 3 7 4 8 12 16 16 4 8 12

  24. Block Ciphers - AES • The S-box is: 99 124 119 123 242 107 111 197 48 1 103 43 254 215 171 118 202 130 201 125 250 89 71 240 173 212 162 175 156 164 114 192 183 253 147 38 54 63 247 204 52 165 229 241 113 216 49 21 4 199 35 195 24 150 5 154 7 18 128 226 235 39 178 117 9 131 44 26 27 110 90 160 82 59 214 179 41 227 47 132 83 209 0 237 32 252 177 91 106 203 190 57 74 76 88 207 208 239 170 251 67 77 51 133 69 249 2 127 80 60 159 168 81 163 64 143 146 157 56 245 188 182 218 33 16 255 243 210 205 12 19 236 95 151 68 23 196 167 126 61 100 93 25 115 96 129 79 220 34 42 144 136 70 238 184 20 222 94 11 219 224 50 58 10 73 6 36 92 194 211 172 98 145 149 228 121 231 200 55 109 141 213 78 169 108 86 244 234 101 122 174 8 186 120 37 46 28 166 180 198 232 221 116 31 75 189 139 138 112 62 181 102 72 3 246 14 97 53 87 185 134 193 29 158 225 248 152 17 105 217 142 148 155 30 135 233 206 85 40 223 140 161 137 13 191 230 66 104 65 153 45 15 176 84 187 22

  25. Block Ciphers - AES • Mix Column • Matrix multiplication performed where each column is multiplied by: 2 3 1 1 1 2 3 1 1 1 2 3 3 1 1 2 • Add round key (XOR subkey for current round) • An extra final round is added where the mix column step is omitted

  26. Block Ciphers - AES

  27. Block Ciphers - AES

  28. Types of Attacks • Passive Attacks • Adversary eavesdrops on the line and possibly gets the sender to encrypt a message of the adversary’s choice and/or gets the sender to decrypt a ciphertext of the adversary’s choice • Key-oblivious: choice of plaintext does not depend on the key • Key-dependent: choice of plaintext does depend on the key

  29. Types of Attacks • Chosen Plaintext Attacks • Attacker obtains the encryption of any plaintext of its choice (under the key being attacked) • Chosen Ciphertext Attacks • Attacker obtains the decryption of any ciphertext of its choice (under the key being attacked)

More Related