blockcipher security notions
play

Blockcipher Security Notions Martijn Stam Department of Computer - PowerPoint PPT Presentation

Jul 22, 2023 •32 likes •882 views

1 / 24 Blockcipher Security Notions Martijn Stam Department of Computer Science, University Of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB United Kingdom. Sibenik, 7 June 2016 Basic Syntax of Blockciphers DES

  1. 1 / 24 Blockcipher Security Notions Martijn Stam Department of Computer Science, University Of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB United Kingdom. ˇ Sibenik, 7 June 2016

  2. Basic Syntax of Blockciphers DES and AES 2 / 24 Data Encryption Standard (DES) An Early Blockcipher 1970s: DES provided the first FIPS standard for a blockcipher It takes as input: a 56-bit string k called the key a 64-bit string x called the plaintext or input block. and outputs a 64-bit string y called the ciphertext or output block. The algorithm is stateless, deterministic, and invertible. ∀ k , x If y ← DES k ( x ) then x ← DES − 1 k ( y )

  3. Basic Syntax of Blockciphers DES and AES 3 / 24 Advanced Encryption Standard (AES) A Modern Blockcipher Turn of Century: NIST approves AES as successor of DES. AES - 128 takes as input: a 128 -bit string k called the key a 128-bit string x called the plaintext or input block. and outputs a 128-bit string y called the ciphertext or output block. The algorithm is stateless, deterministic, and invertible. ∀ k , x If y ← AES k ( x ) then x ← AES − 1 k ( y )

  4. Basic Syntax of Blockciphers DES and AES 4 / 24 Advanced Encryption Standard (AES) A Modern Blockcipher Turn of Century: NIST approves AES as successor of DES. AES - 192 takes as input: a 192 -bit string k called the key a 128-bit string x called the plaintext or input block. and outputs a 128-bit string y called the ciphertext or output block. The algorithm is stateless, deterministic, and invertible. ∀ k , x If y ← AES k ( x ) then x ← AES − 1 k ( y )

  5. Basic Syntax of Blockciphers DES and AES 5 / 24 Advanced Encryption Standard (AES) A Modern Blockcipher Turn of Century: NIST approves AES as successor of DES. AES - 256 takes as input: a 256 -bit string k called the key a 128-bit string x called the plaintext or input block. and outputs a 128-bit string y called the ciphertext or output block. The algorithm is stateless, deterministic, and invertible. ∀ k , x If y ← AES k ( x ) then x ← AES − 1 k ( y )

  6. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where K is the set of keys, X the set of plaintext blocks

  7. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where K is the set of keys, X the set of plaintext blocks Notation for blockciphers Block ( K , X ) denotes the set of all possible blockciphers of given dimensions Perm ( X ) denotes the set of all permutations on X .

  8. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where x K is the set of keys, X the set of plaintext blocks E k Notation for E ∈ Block ( K , X ) Let k ∈ K we write E k ( · ) for E(k , · ). As E k ∈ Perm ( X ) it has an inverse E − 1 or D k k y

  9. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where x K is the set of keys, X the set of plaintext blocks E k Notation for E ∈ Block ( K , X ) Let k ∈ K we write E k ( · ) for E(k , · ). As E k ∈ Perm ( X ) it has an inverse E − 1 or D k k y For all k ∈ K , x ∈ X : D k (E k ( x )) = E k (D k ( x )) = x

  10. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where x K is the set of keys, X the set of plaintext blocks E k Using bitstrings as inputs K = { 0 , 1 } K for some key-length K ∈ ◆ X = { 0 , 1 } n for some block-length n. y

  11. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where x K is the set of keys, X the set of plaintext blocks E k Using bitstrings as inputs K = { 0 , 1 } K for some key-length K ∈ ◆ X = { 0 , 1 } n for some block-length n. y DES has n = 64 and k = 56; AES has n = 128 and k ∈ { 128 , 192 , 256 }

  12. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? What security would you expect from a blockcipher? x E k y

  13. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! E k y

  14. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! E k learn plaintexts! y

  15. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! E k learn plaintexts! predict ciphertexts! y

  16. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! E k learn plaintexts! predict ciphertexts! distinguish its output from random! y

  17. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! But when? E k learn plaintexts! predict ciphertexts! distinguish its output from random! y

  18. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! But when? E k learn plaintexts! Which plaintexts? predict ciphertexts! distinguish its output from random! y

  19. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! But when? E k learn plaintexts! Which plaintexts? predict ciphertexts! In what context? distinguish its output from random! y

  20. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! But when? E k learn plaintexts! Which plaintexts? predict ciphertexts! In what context? distinguish its output from random! Random in what sense? y

  21. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x More precise definitions are needed, that highlight what an adversary can do and tries to achieve take into account the context in which the E k blockcipher is used y

  22. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x More precise definitions are needed, that highlight what an adversary can do and tries to achieve take into account the context in which the E k blockcipher is used ...so useful conclusions for real world applications can be drawn. y

  23. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication Hi E k E k I’m here Anna Bob Bye Two parties, Anna and Bob want to communicate with each other: Anna wants to send Bob messages;

  24. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication Hi E k E k I’m here Anna Bob Bye Two parties, Anna and Bob want to communicate with each other: Anna wants to send Bob messages; The content of the messages should remain hidden from Eve;

  25. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication yWj E k E k s 5Yc6sdf Anna Bob Flan Two parties, Anna and Bob want to communicate with each other: Anna wants to send Bob messages; The content of the messages should remain hidden from Eve;

  26. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication yWj E k E k s 5Yc6sdf Anna Bob Flan Two parties, Anna and Bob want to communicate with each other: Anna wants to send Bob messages; The content of the messages should remain hidden from Eve; Adversary Eve can see but not modify the transmissions.

  27. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication k k yWj E k E k s 5Yc6sdf Anna Bob Flan Some enabling assumptions: Anna and Bob already magically share a secret key;

  28. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication k k yWj E k E k s 5Yc6sdf Anna Bob Flan Some enabling assumptions: Anna and Bob already magically share a secret key; They both like the same blockcipher

  29. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication k k yWj E k E k s 5Yc6sdf Anna Bob Flan Some enabling assumptions: Anna and Bob already magically share a secret key; They both like the same blockcipher Anna swims in a pool

  30. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication k k yWj E k E k s 5Yc6sdf Anna Bob Flan Some enabling assumptions: Anna and Bob already magically share a secret key; They both like the same blockcipher Anna swims in a pool of randomness

  31. Basic Security of Blockciphers Blockcipher Use Scenario 9 / 24 Confidentiality of a single 3-block message CTR Encryption IV IV + 1 IV + 2 IV + 3 E k E k E k m 1 m 2 m 3 c 0 c 1 c 2 c 3

Recommend

New Blockcipher Modes of Operation with Beyond the Birthday Bound Security Tetsu Iwata

New Blockcipher Modes of Operation with Beyond the Birthday Bound Security Tetsu Iwata

New Blockcipher Modes of Operation with Beyond the Birthday Bound Security Tetsu Iwata Ibaraki University March 17, 2006 Fast Software Encryption, FSE 2006, Graz, Austria, March 1517, 2006 Blockcipher Modes Algorithms

1.42k views • 30 slides
Design approach to efficient blockcipher modes Kazuhiko Minematsu, NEC Corporation The Fourth

Design approach to efficient blockcipher modes Kazuhiko Minematsu, NEC Corporation The Fourth

Design approach to efficient blockcipher modes Kazuhiko Minematsu, NEC Corporation The Fourth Asian Workshop on Symmetric Key Cryptography, 19%22, December 2014, SETS Chennai, India 1 Introduction Blockcipher mode : turning a blockcipher

702 views • 59 slides
On the Security of Hash Functions Employing Blockcipher Post-processing Donghoon Chang 1 , Mridul

On the Security of Hash Functions Employing Blockcipher Post-processing Donghoon Chang 1 , Mridul

On the Security of Hash Functions Employing Blockcipher Post-processing Donghoon Chang 1 , Mridul Nandi 2 , Moti Yung 3 1 National Institute of Standards and Technology (NIST), USA 2 C R Rao AIMSCS, Hyderabad, India 3 Google Inc. and Department of

605 views • 35 slides
Salvaging Weak Security Bounds for Blockcipher-based Constructions Thomas Shrimpton (University

Salvaging Weak Security Bounds for Blockcipher-based Constructions Thomas Shrimpton (University

Salvaging Weak Security Bounds for Blockcipher-based Constructions Thomas Shrimpton (University of Florida) Seth Terashima (Qualcomm Technologies, inc.) What weak bounds? ...from encrypting lots of data Intel Hardware RNG: Single-machine

246 views • 23 slides
The 128-bit Blockcipher CLEFIA Taizo Shirai 1 , Kyoji Shibutani 1 , Toru Akishita 1 Shiho

The 128-bit Blockcipher CLEFIA Taizo Shirai 1 , Kyoji Shibutani 1 , Toru Akishita 1 Shiho

The 128-bit Blockcipher CLEFIA Taizo Shirai 1 , Kyoji Shibutani 1 , Toru Akishita 1 Shiho Moriai 1 , Tetsu Iwata 2 1 Sony Corporation 2 Nagoya University Direction for designing a new blockcipher Priority for Choosing an algorithm 1.

464 views • 19 slides
New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran &

New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran &

New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran & Amit Sahai Princeton University To appear in STOC04 Defining Security Central Problem in Cryptography Understanding what we want and what we

1.13k views • 34 slides
Security Notions for Bidirectional Channels Giorgia Azzurra Marson Bertram Poettering FSE 2017

Security Notions for Bidirectional Channels Giorgia Azzurra Marson Bertram Poettering FSE 2017

Security Notions for Bidirectional Channels Giorgia Azzurra Marson Bertram Poettering FSE 2017 Tokyo, Japan 1 / 11 Outline Secure channels and how they are modeled Security notions for bidirectional channels Analysis of bidirectional

602 views • 39 slides
Advanced security notions for the SSH secure channel: theory and practice Kenny Paterson -

Advanced security notions for the SSH secure channel: theory and practice Kenny Paterson -

Advanced security notions for the SSH secure channel: theory and practice Kenny Paterson - @kennyog Based on joint work with Martin Albrecht, Jean Paul Degabriele and Torben Hansen Information Security Group Overview 1. Introducing SSH 2. SSH

817 views • 52 slides
Objectives Security Notions of MACs NMACs and HMACs CBC-MACs Low Power Ajit Pal

Objectives Security Notions of MACs NMACs and HMACs CBC-MACs Low Power Ajit Pal

Message Authentication Codes (MACs) Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Security Notions of MACs NMACs and HMACs

158 views • 12 slides
Security Notions 1

Security Notions 1

Security Notions 1 Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically breakable given the time are theoretically breakable given

1.1k views • 37 slides
White-Box Security Notions for Symmetric Encryption Schemes ee 1 ede Lepoint 1 , 2 C ecile

White-Box Security Notions for Symmetric Encryption Schemes ee 1 ede Lepoint 1 , 2 C ecile

White-Box Security Notions for Symmetric Encryption Schemes ee 1 ede Lepoint 1 , 2 C ecile Delerabl Tancr` Pascal Paillier 1 Matthieu Rivain 1 CryptoExperts 1 , erieure 2 Ecole Normale Sup SAC 2013 Outline 1 What is white-box

406 views • 38 slides
Towards Security Notions for Motivation: White-Box Cryptography White-Box Cryptography

Towards Security Notions for Motivation: White-Box Cryptography White-Box Cryptography

ISC conference, September 2009, Pisa, Italy Outline Towards Security Notions for Motivation: White-Box Cryptography White-Box Cryptography The Theory of Obfuscation Brecht Wyseur (im)possibility results ISC 2009, September 2009

280 views • 3 slides
Consolidating Security Notions in Hardware Masking CHES 2019 Lauren De Meyer, Begl Bilgin,

Consolidating Security Notions in Hardware Masking CHES 2019 Lauren De Meyer, Begl Bilgin,

Consolidating Security Notions in Hardware Masking CHES 2019 Lauren De Meyer, Begl Bilgin, Oscar Reparaz P ROBLEM : SIDE - CHANNEL ANALYSIS S OLUTION : M ASKING P ROBING MODEL [ISW03] Adversary can probe up to intermediate values

885 views • 34 slides
From obfuscation to white-box crypto: relaxation and security notions Matthieu Rivain WhibOx

From obfuscation to white-box crypto: relaxation and security notions Matthieu Rivain WhibOx

From obfuscation to white-box crypto: relaxation and security notions Matthieu Rivain WhibOx 2016, 14 Aug, UCSB What does this program do?

709 views • 66 slides
Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure

Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure

Introduction Specification for COFB Hardware Implementation Results of COFB-AES Conclusions References Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure Platform laboratories, Japan) Tetsu Iwata

470 views • 35 slides
Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian

Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian

Introduction Idealized Combined Feedback Construction : iCOFB Specification for COFB Hardware Implimentation Results of COFB Conclusion Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian Statistical

457 views • 35 slides
Ideal quasi-normal convergence and related notions y , J . Pratulananda Das , L . Bukovsk

Ideal quasi-normal convergence and related notions y , J . Pratulananda Das , L . Bukovsk

Basic notions Properties of the Ideal and Decompositions Equivalences with classical notions ( I , J )QN, ( I , J )wQN and properties of C p ( X ) I - -covers Ideal quasi-normal convergence and related notions y , J . Pratulananda Das

646 views • 62 slides
The Greek case Basic notions Three are the basic notions taking part into our presentation: WAR

The Greek case Basic notions Three are the basic notions taking part into our presentation: WAR

The use of the internet in Informational War: Propaganda of coverage and coverage of propaganda of the wars in Iraq and Afghanistan- The Greek case Basic notions Three are the basic notions taking part into our presentation: WAR 1.

323 views • 16 slides
Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata

Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata

Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata Nagoya University iwata@cse.nagoya-u.ac.jp ESC, Echternach Symmetric Crypto seminar January 11, 2008 Blockcipher plaintext M

576 views • 40 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Minimum Blockcipher Calls for Block cipher based Designs Mridul Nandi Indian Statistical

Minimum Blockcipher Calls for Block cipher based Designs Mridul Nandi Indian Statistical

Minimum Blockcipher Calls for Block cipher based Designs Mridul Nandi Indian Statistical Institute, Kolkata mridul@isical.ac.in 30th Sept, ASK-2015, NTU, Singapore Symmetric Key Primitives Distinguishing Game Distinguishing a real keyed

588 views • 33 slides
Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata

Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata

Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata Nagoya University iwata@cse.nagoya-u.ac.jp Africacrypt 2008, Casablanca, Morocco June 11, 2008 Blockcipher plaintext M key K E

720 views • 37 slides
Notions of Black-Box Reductions, Revisited ASIACRYPT 2013 Paul Baecher, Christina Brzuska, Marc

Notions of Black-Box Reductions, Revisited ASIACRYPT 2013 Paul Baecher, Christina Brzuska, Marc

Notions of Black-Box Reductions, Revisited ASIACRYPT 2013 Paul Baecher, Christina Brzuska, Marc Fischlin Tel Aviv University & Darmstadt University of Technology; supported by DFG Heisenberg and Center For Advanced Security Research

587 views • 42 slides
Databases notions

Databases notions

Databases notions slide 11 Technical context DB advantages DB vocabulary DB data models slide 31 A Reference

259 views • 14 slides

More recommend