block ciphers
play

Block Ciphers Fall 2010 CS 334: Computer Security 1 Recall: - PowerPoint PPT Presentation

Feb 17, 2024 •429 likes •916 views

Block Ciphers Fall 2010 CS 334: Computer Security 1 Recall: Private-Key Encryption Algorithms Also called single-key or symmetric key algorithms Both parties share the key needed to encrypt and decrypt messages, hence both parties are

  1. Block Ciphers Fall 2010 CS 334: Computer Security 1

  2. Recall: Private-Key Encryption Algorithms • Also called single-key or symmetric key algorithms • Both parties share the key needed to encrypt and decrypt messages, hence both parties are equal • Modern symmetric key ciphers (developed from product ciphers) include DES, Blowfish, IDEA, LOKI, RC5, Rijndael (AES) and others Fall 2010 CS 334: Computer Security 2

  3. Block Ciphers • One of the most widely used types of cryptographic algorithms – For encrypting data to ensure secrecy – As a cryptographic checksum to ensure integrity – For authentication services • Used because they are comparatively fast, and we know how to design them • We’ll look in particular at DES (Data Encryption Standard) Fall 2010 CS 334: Computer Security 3

  4. Block vs Stream Ciphers • Block ciphers process messages in into blocks, each of which is then en/decrypted – So all bits of block must be available before processing • Like a substitution on very big characters – 64-bits or more • Stream ciphers process messages a bit or byte at a time when en/decrypting – Though technically the only difference here is block size, there are significant differences in how stream and block ciphers are designed. Fall 2010 CS 334: Computer Security 4

  5. Claude Shannon • Wrote some of the pivotal papers on modern cryptology theory – C E Shannon, "Communication Theory of Secrecy Systems", Bell System Technical Journal, Vol 28, Oct 1949, pp 656-715 – C E Shannon, "Prediction and Entropy of printed English", Bell System Technical Journal, Vol 30, Jan 1951, pp 50-64 Fall 2010 CS 334: Computer Security 5

  6. Claude Shannon • Among other things, he developed the concepts of: – Entropy of a message – Redundancy in a language – Theories about how much information is needed to break a cipher – Defined the concepts of computationally secure vs unconditionally secure ciphers – Introduced the idea of substitution-permutation (S-P) networks, basis of current product ciphers Fall 2010 CS 334: Computer Security 6

  7. Shannon S-P Network • cipher needs to completely obscure statistical properties of original message – E.g., a one-time pad does this • more practically Shannon suggested combining elements to obtain: – diffusion – dissipates statistical structure of plaintext over bulk of ciphertext – confusion – makes relationship between ciphertext and key as complex as possible • S-P networks designed to provide these Fall 2010 CS 334: Computer Security 7

  8. Block Cipher Requirements • Must be reasonably efficient • Must be able to efficiently decrypt ciphertext to recover plaintext • Must have a reasonable key length • First attempt: Arbitrary reversible substitution – For a large block size this is not practical for implementation and performance reasons Fall 2010 CS 334: Computer Security 8

  9. Why Not Arbitrary Reversible Substitution? • If we’re going from n bit plaintext to n bit ciphertext: – There are 2 n possible plaintext blocks. – Each must map to a unique output block, so total of 2 n ! reversible transformations • List all n-bit binary (plaintext) strings. First one can go to any of 2 n n-bit binary strings, next to any of 2 n -1 output strings, etc. Fall 2010 CS 334: Computer Security 9

  10. Why Not Arbitrary Reversible Substitution? • If we’re going from n bit plaintext to n bit ciphertext: – So, to specify a specific transformation, essentially need to provide the list of ciphertext outputs for each input block. – How many? Well, 2 n inputs, so 2 n outputs, each n bits long implies an effective key size of n(2 n ) bits. • For blocks of size 64 (desirable to thwart statistical attacks) this amounts to a key of length 64(2 64 ) = 2 70 = 2 67 bytes ~ 1.47 × 10 20 bytes = 147 TB Fall 2010 CS 334: Computer Security 10

  11. Feistel Cipher Structure • Horst Feistel devised the Feistel cipher – based on concept of invertible product cipher – His main contribution was invention of structure that adapted Shannon’s S-P network into easily inverted structure. • Process consists of several rounds. In each round: – partitions input block into two halves – Perform substitution on left half by a round function based on right half of data and subkey – then have permutation swapping halves • implements Shannon’s substitution- permutation network concept Fall 2010 CS 334: Computer Security 11

  12. Fall 2010 CS 334: Computer Security 12

  13. Feistel Cipher Design Principles • block size – increasing size improves security, but slows cipher – 64 bits reasonable tradeoff. Some use 128 bits • key size – increasing size improves security, makes exhaustive key searching harder, but may slow cipher – 64 bit considered inadequate. 128 bit is common size (for now) • number of rounds – increasing number improves security, but slows cipher Fall 2010 CS 334: Computer Security 13

  14. Feistel Cipher Design Principles • subkey generation – greater complexity can make analysis harder, but slows cipher • round function – greater complexity can make analysis harder, but slows cipher • fast software en/decryption & ease of analysis – are more recent concerns for practical use and testing – Making algorithms easy to analyze helps determine cipher effectiveness (DES functionality is not easily analyzed) Fall 2010 CS 334: Computer Security 14

  15. Feistel Cipher Decryption Fall 2010 CS 334: Computer Security 15

  16. Data Encryption Standard (DES) • most widely used block cipher in world • adopted in 1977 by NBS (now NIST) – as FIPS PUB 46 • encrypts 64-bit data using 56-bit key • has widespread use • Considerable controversy over its security – Tweaked by NSA? Fall 2010 CS 334: Computer Security 16

  17. DES History • IBM developed Lucifer cipher – by team led by Feistel – used 64-bit data blocks with 128-bit key • then redeveloped as a commercial cipher with input from NSA and others • in 1973 NBS issued request for proposals for a national cipher standard • IBM submitted their revised Lucifer which was eventually accepted as the DES Fall 2010 CS 334: Computer Security 17

  18. DES Design Controversy • Although DES standard is public was considerable controversy over design – in choice of 56-bit key (vs Lucifer 128-bit) – and because design criteria were classified – And because some NSA requested changes incorporated • Subsequent events and public analysis show in fact design was appropriate – Changes made cipher less susceptible to differential or linear cryptanalysis Fall 2010 CS 334: Computer Security 18

  19. DES Encryption Fall 2010 CS 334: Computer Security 19

  20. Initial Permutation IP • first step of the data computation • IP reorders the input data bits – Permutation specified by tables (See FIPS 46-3) • even bits to LH half, odd bits to RH half • quite regular in structure (easy in h/w) Fall 2010 CS 334: Computer Security 20

  21. DES Round Structure • uses two 32-bit L & R halves • as for any Feistel cipher can describe as: L i = R i –1 R i = L i –1 xor F( R i –1 , K i ) • takes 32-bit R half and 48-bit subkey and: – expands R to 48-bits using perm E – adds to subkey (XOR) – passes through 8 S-boxes to get 32-bit result • Each S-box takes 6 bits as input and produces 4 as output – finally permutes this using 32-bit perm P Fall 2010 CS 334: Computer Security 21

  22. Fall 2010 CS 334: Computer Security 22

  23. S-boxes There are four more Fall 2010 CS 334: Computer Security 23

  24. DES Round Structure Fall 2010 CS 334: Computer Security 24

  25. Substitution Boxes S • have eight S-boxes which map 6 to 4 bits • each S-box is actually 4 little 4 bit boxes – outer bits 1 & 6 ( row bits) considered 2-bit number that selects row – inner bits 2-5 ( col bits) considered 4-bit number that selects column. – Decimal number in table is converted to binary and that gives the four output bits – result is 8 lots of 4 bits, or 32 bits • row selection depends on both data & key – feature known as autoclaving (autokeying) Fall 2010 CS 334: Computer Security 25

  26. DES Key Schedule • forms subkeys used in each round • consists of: – initial permutation of the key (PC1) which selects 56- bits in two 28-bit halves – 16 stages consisting of: • selecting 24-bits from each half • permuting them by PC2 for use in function f, • rotating each half separately either 1 or 2 places depending on the key rotation schedule K Fall 2010 CS 334: Computer Security 26

  27. Fall 2010 CS 334: Computer Security 27

  28. Fall 2010 CS 334: Computer Security 28

  29. DES Decryption • decrypt must unwind steps of data computation • with Feistel design, do encryption steps again • using subkeys in reverse order (SK16 … SK1) • note that IP undoes final FP step of encryption • 1st round with SK16 undoes 16th encrypt round • …. • 16th round with SK1 undoes 1st encrypt round • then final FP undoes initial encryption IP • thus recovering original data value Fall 2010 CS 334: Computer Security 29

Recommend

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2 . . . M N . Then, each block M i is encrypted to the

1.11k views • 63 slides
Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Organisation Organisation Overview Block Ciphers Overview Block Ciphers Historic Ciphers Security of Block ciphers Historic Ciphers Security of Block ciphers Symmetric Ciphers Symmetric Ciphers Assume encryption and decryption use the

425 views • 5 slides
One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers

One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers

One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers Encryption Modes Encryption Modes Shift Cipher Brute%force attack can easily break Ahmet Burak Can Substitution Cipher Hacettepe University

191 views • 6 slides
Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and

Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and

CSS441 Block Ciphers Principles DES Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

788 views • 50 slides
Iterative Block Ciphers from Tweakable Block Ciphers with Long Tweaks Ryota Nakamichi and Tetsu

Iterative Block Ciphers from Tweakable Block Ciphers with Long Tweaks Ryota Nakamichi and Tetsu

Iterative Block Ciphers from Tweakable Block Ciphers with Long Tweaks Ryota Nakamichi and Tetsu Iwata Nagoya University, Japan FSE 2020 November 913, 2020, Virtual 1 / 19 Block Ciphers block cipher (BC) E : K { 0 , 1 } n { 0

530 views • 24 slides
Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length

Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length

Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2 . . . M N . Then, each block M i is encrypted to the ciphertext block C i = E K ( M i ), and the results are concatenated to the

334 views • 8 slides
Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers

Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers

06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 2 October, 2012 Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers DES II.

588 views • 10 slides
B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

1 B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a) Fundamentals 3 B.1 Definition A mapping Enc: P K C for which k := Enc( ,k): P C is bijective for each k K is called an

1.1k views • 32 slides
B.b) Block Ciphers 2 B.24 Definition An encryption algorithm Enc: {0,1} n K {0,1} n

B.b) Block Ciphers 2 B.24 Definition An encryption algorithm Enc: {0,1} n K {0,1} n

1 B.b) Block Ciphers 2 B.24 Definition An encryption algorithm Enc: {0,1} n K {0,1} n is called a block cipher . The positive integer n denotes the block size ( block length ). 3 B.25 Remark and Convention The encryption

709 views • 67 slides
Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof.

Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof.

Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof. Raluca Ada Popa Jan 31, 2018 Announcements Project 1 is out, due Feb 14 midnight Recall: Block cipher A function E : {0, 1} k {0, 1} n

553 views • 32 slides
T-79.159 Cryptography and Data Security Lecture 3: 3.1 Introduction to block ciphers 3.2 DES

T-79.159 Cryptography and Data Security Lecture 3: 3.1 Introduction to block ciphers 3.2 DES

T-79.159 Cryptography and Data Security Lecture 3: 3.1 Introduction to block ciphers 3.2 DES 3.3 IDEA 3.4 AES Kaufman et al: Chapter 3 Stallings: Chapters 3, 5 1 Block ciphers Confidentiality primitive Threat: recover the plaintext

774 views • 15 slides
Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof.

Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof.

Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 15, 2016 Announcements Project due Sept 20 Recall: Block cipher A function E : {0, 1} k {0, 1} n {0, 1} n . Once

417 views • 30 slides
T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher

T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher

T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher confidentiality modes of operation Kaufman et al: Ch 4 Stallings: Ch 6, Ch 3 1 Stream ciphers Stream ciphers are generally faster than block

535 views • 12 slides
Perfect Block Ciphers With Small Blocks Louis Granboulan 1 , 2 Thomas Pornin 3 1 cole Normale

Perfect Block Ciphers With Small Blocks Louis Granboulan 1 , 2 Thomas Pornin 3 1 cole Normale

Block ciphers with non-standard sizes Choosing uniformly a random permutation P ERMUTATOR Sampling following the Hypergeometric Distribution Security Analysis Perfect Block Ciphers With Small Blocks Louis Granboulan 1 , 2 Thomas Pornin 3 1

550 views • 23 slides
Design Issues of Block Ciphers The objectives of this part is to show certain design issues of

Design Issues of Block Ciphers The objectives of this part is to show certain design issues of

Design Issues of Block Ciphers The objectives of this part is to show certain design issues of block ciphers. 1 Block Ciphers and Stream Ciphers A one-key cipher is a 5-tuple ( M , C , K , E k , D k ) , where M , C , K are respectively the

461 views • 12 slides
How to Operationally Detect the Misuse of Stream Ciphers (and even Block Ciphers Sometimes) and

How to Operationally Detect the Misuse of Stream Ciphers (and even Block Ciphers Sometimes) and

Introduction Cryptology Basics Detection Cryptanalysis The Word Case The Excel Case Conclusion How to Operationally Detect the Misuse of Stream Ciphers (and even Block Ciphers Sometimes) and Break them Eric Filiol, filiol@esiea.fr ESIEA -

808 views • 64 slides
Contents Introduction Classification of Symmetric Ciphers Types of Attacks

Contents Introduction Classification of Symmetric Ciphers Types of Attacks

Contents Introduction Classification of Symmetric Ciphers Types of Attacks Properties of Secure Ciphers Components of Block Ciphers Classes of Block Ciphers DES AES Secure Communication using

606 views • 27 slides
Structural attacks on block ciphers Sondre Rnjom NSM/UiB September 2, 2017 1 Preliminaries 2

Structural attacks on block ciphers Sondre Rnjom NSM/UiB September 2, 2017 1 Preliminaries 2

Structural attacks on block ciphers Sondre Rnjom NSM/UiB September 2, 2017 1 Preliminaries 2 Subspaces in block ciphers 3 From subspace trails to invariant subspaces in Simpira 4 Zero-di ff erence cryptanalysis of AES Preliminaries Block

2.18k views • 146 slides
Two ways of building round functions for block ciphers Joan Daemen Radboud University ibenik

Two ways of building round functions for block ciphers Joan Daemen Radboud University ibenik

Two ways of building round functions for block ciphers Joan Daemen Radboud University ibenik summer school 2016 1 / 44 Outline 1 Block ciphers and statistical attacks 2 Correlation basics 3 Wide trail strategy: strongly-aligned flavor

620 views • 59 slides
Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation Introduction to Computer Security Announcements Cryptography, symmetric and public-key Hash functions and MACs Stephen McCamant Building a secure

440 views • 11 slides
Secret Key: stream ciphers & block ciphers Stream Ciphers Idea: try to simulate one-time pad

Secret Key: stream ciphers & block ciphers Stream Ciphers Idea: try to simulate one-time pad

Secret Key: stream ciphers & block ciphers Stream Ciphers Idea: try to simulate one-time pad define a secret key (seed) Using the seed generates a byte stream ( Keystream): i-th byte is function only of the key

822 views • 69 slides
Outline Analytic Attacks on Block Ciphers 1 CPSC 418/MATH 318 Introduction to Cryptography

Outline Analytic Attacks on Block Ciphers 1 CPSC 418/MATH 318 Introduction to Cryptography

Outline Analytic Attacks on Block Ciphers 1 CPSC 418/MATH 318 Introduction to Cryptography Linear Cryptanalysis Differential Cryptanalysis Analytic Cryptanalysis of Block Ciphers, Stream Ciphers, Modes of Other Advanced Attacks Operation,

933 views • 11 slides
Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers &

Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers &

CS 166: Information Security Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers & Block Ciphers Stream ciphers based on the one-time pad Block ciphers based on codebook ciphers Symmetric

650 views • 52 slides
Block Ciphers Chester Rebeiro IIT Madras CR CR STINSON : chapters 3 Block Cipher K D K E

Block Ciphers Chester Rebeiro IIT Madras CR CR STINSON : chapters 3 Block Cipher K D K E

Block Ciphers Chester Rebeiro IIT Madras CR CR STINSON : chapters 3 Block Cipher K D K E untrusted communicaGon link Alice Bob E D #%AR3Xf34^$ A?ack at Dawn!! decrypGon encrypGon (ciphertext) message A?ack at Dawn!!

1.71k views • 143 slides

More recommend