chapter 6 contemporary symmetric ciphers
play

Chapter 6: Contemporary Symmetric Ciphers Dr. Loai Tawalbeh - PDF document

May 13, 2023 •483 likes •627 views

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Loai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Dr. Loai Tawalbeh Fall 2005 Why Triple-DES?

  1. CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Dr. Lo’ai Tawalbeh Fall 2005 Why Triple-DES? • why not Double-DES? • NOT same as some other single-DES use, but have • meet-in-the-middle attack • works whenever use a cipher twice • since X = E K1 [P] = D K2 [C] • attack by encrypting P with all keys and store • then decrypt C with keys and match X value • can show takes O(2 56 ) steps Dr. Lo’ai Tawalbeh Fall 2005 1

  2. Triple-DES with Two-Keys • hence must use 3 encryptions • would seem to need 3 distinct keys • but can use 2 keys with E-D-E sequence • C = E K1 [D K2 [E K1 [P]]] • nb encrypt & decrypt equivalent in security • if K1=K2 then can work with single DES • no current known practical attacks Dr. Lo’ai Tawalbeh Fall 2005 Triple-DES with Three-Keys • although are no practical attacks on two-key Triple-DES have some indications • can use Triple-DES with Three-Keys to avoid even these • C = E K3 [D K2 [E K1 [P]]] • has been adopted by some Internet applications, eg PGP, S/MIME Dr. Lo’ai Tawalbeh Fall 2005 2

  3. Blowfish • a symmetric block cipher designed by Bruce Schneier in 1993/94 • characteristics • fast implementation on 32-bit CPUs • compact in use of memory • simple structure for analysis/implementation • variable security by varying key size • has been implemented in various products Dr. Lo’ai Tawalbeh Fall 2005 Blowfish Key Schedule •uses a 32 to 448 bit key, 32-bit words stored in K-array K j , j from 1 to 14 • used to generate • 18 32-bit subkeys stored in P array, P 1 … . P 18 • four 8x32 S-boxes stored in S i,j , each with 256 32-bit entries • Subkeys and S-Boxes Generation: 1- initialize P-array and then 4 S-boxes in order using the fractional part of pi P 1 ( left most 32-bit), and so on,,, S 4,255. 2- XOR P-array with key-Array (32-bit blocks) and reuse as needed: assume we have up to k 10 then P 10 XOR K 10, , P 11 XOR K 1 … P 18 XOR K 8 Dr. Lo’ai Tawalbeh Fall 2005 3

  4. Blowfish: SubKey and S-Boxes -cont. 3- Encrypt 64-bit block of zeros, and use the result to update P 1 and P 2. 4- encrypting output form previous step using current P & S and replace P 3 and P 4 . Then encrypting current output and use it to update successive pairs of P. 5- After updating all P’s (last :P 17 P 18 ), start updating S values using the encrypted output from previous step. • requires 521 encryptions, hence slow in re-keying • Not suitable for limited-memory applications. Dr. Lo’ai Tawalbeh Fall 2005 Blowfish Encryption uses two main operations: addition modulo 2 32 , and XOR • • data is divided into two 32-bit halves L 0 & R 0 for i = 1 to 16 do R i = L i-1 XOR P i ; L i = F[ R i ] XOR R i-1 ; L 17 = R 16 XOR P 18 ; R 17 = L 16 XOR P 17 ; • where F[ a , b , c , d ] = ((S 1, a + S 2,b ) XOR S 3,c ) + S 4,d Dr. Lo’ai Tawalbeh Fall 2005 4

  5. Blowfish Encryption/Decryption Dr. Lo’ai Tawalbeh Fall 2005 Blowfish Encryption Dr. Lo’ai Tawalbeh Fall 2005 5

  6. Discussion • key dependent S-boxes and subkeys, generated using cipher itself, makes analysis very difficult • changing both halves in each round increases security • provided key is large enough, brute-force key search is not practical, especially given the high key schedule cost Dr. Lo’ai Tawalbeh Fall 2005 RC5 • can vary key size / data size / variable rounds • very clean and simple design • easy implementation on various CPUs • yet still regarded as secure Dr. Lo’ai Tawalbeh Fall 2005 6

  7. RC5 Ciphers • RC5 is a family of ciphers RC5-w/r/b • w = word size in bits (16/32/64). Encrypts 2w data blocks • r = number of rounds (0..255) • b = number of bytes in the key (0..255) • nominal version is RC5-32/12/16 • ie 32-bit words so encrypts 64-bit data blocks • using 12 rounds • with 16 bytes (128-bit) secret key Dr. Lo’ai Tawalbeh Fall 2005 RC5 Key Expansion • RC5 uses t=2r+2 subkey words (w-bits) • subkeys are stored in array S[i] , i=0..t-1 • then the key schedule consists of • initializing S to a fixed pseudorandom value, based on constants e and phi • the byte key is copied into a c-words array L • a mixing operation then combines L and S to form the final S array Dr. Lo’ai Tawalbeh Fall 2005 7

  8. RC5 Key Expansion Dr. Lo’ai Tawalbeh Fall 2005 RC5 Encryption • Three main operations: + mod 2 w , XOR, circular left shift <<<, and there inverses used. • split input into two halves A & B (w-bits each) L 0 = A + S[0]; R 0 = B + S[1]; for i = 1 to r do L i = (( L i-1 XOR R i-1 ) <<< R i-1 ) + S[2 x i ]; R i = (( R i-1 XOR L i ) <<< L i ) + S[2 x i + 1]; • each round is like 2 DES rounds • note rotation is main source of non-linearity • need reasonable number of rounds (eg 12-16) Dr. Lo’ai Tawalbeh Fall 2005 8

  9. RC5 Encryption Dr. Lo’ai Tawalbeh Fall 2005 RC5 Modes • 4 modes used by RC5: • RC5 Block Cipher, is ECB mode • RC5-CBC, is CBC mode • RC5-CBC-PAD, is CBC with padding by bytes with value being the number of padded bytes • RC5-CTS, a variant of CBC which is the same size as the original message, uses ciphertext stealing to keep size same as original Dr. Lo’ai Tawalbeh Fall 2005 9

  10. RC5 Modes-Ciphertext Stealing (CTS) mode Dr. Lo’ai Tawalbeh Fall 2005 Block Cipher Characteristics • features seen in modern block ciphers are: • variable key length / block size / rounds • mixed operators, data/key dependent rotation • key dependent S-boxes • more complex key scheduling • operation of full data in each round • varying non-linear functions Dr. Lo’ai Tawalbeh Fall 2005 10

  11. Stream Ciphers • process the message bit by bit (as a stream) • typically have a (pseudo) random stream key • combined (XOR) with plaintext bit by bit • randomness of stream key completely destroys any statistical properties in the message • C i = M i XOR StreamKey i • what could be simpler!!!! • but must never reuse stream key • otherwise can remove effect and recover messages Dr. Lo’ai Tawalbeh Fall 2005 Stream Cipher Properties • some design considerations are: • long period with no repetitions • statistically random • depends on large enough key • confusion • diffusion • use of highly non-linear boolean functions Dr. Lo’ai Tawalbeh Fall 2005 11

  12. RC4 • Designed in 1987 as a proprietary cipher owned by RSA • simple but effective, widely used: (SSL/TLS standards) • variable key size (1 to 256 bytes), byte-oriented stream cipher • key forms random permutation of all 8-bit values • uses that permutation to scramble input info processed a byte at a time • fast Software implementations. Dr. Lo’ai Tawalbeh Fall 2005 RC4 Key Schedule • starts with an array S of numbers: S[0]=0, …S[255] =255 • Also initialize T with the key. T[i]= K[ i mod keylength] • use key to well and truly shuffle • S forms internal state of the cipher • given a key k of length l bytes for i = 0 to 255 do S[i] = i j = 0 for i = 0 to 255 do j = (j + S[i] + k[i mod l]) (mod 256) swap (S[i], S[j]) Dr. Lo’ai Tawalbeh Fall 2005 12

  13. RC4 Encryption • encryption continues shuffling array values • sum of shuffled pair selects "stream key" value • XOR with next byte of message to en/decrypt i = j = 0 for each message byte M i i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(S[i], S[j]) t = (S[i] + S[j]) (mod 256) C i = M i XOR S[t] Dr. Lo’ai Tawalbeh Fall 2005 RC4 Security • claimed secure against known attacks • have some analyses, none practical • result is very non-linear • since RC4 is a stream cipher, must never reuse a key Dr. Lo’ai Tawalbeh Fall 2005 13

  14. Summary • have considered: • some other modern symmetric block ciphers • Triple-DES • Blowfish • RC5 • briefly introduced stream ciphers • RC4 Dr. Lo’ai Tawalbeh Fall 2005 14

Recommend

Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Organisation Organisation Overview Block Ciphers Overview Block Ciphers Historic Ciphers Security of Block ciphers Historic Ciphers Security of Block ciphers Symmetric Ciphers Symmetric Ciphers Assume encryption and decryption use the

425 views • 5 slides
Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric

Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric

Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric Algorithms Encryption and Decryption use the same key i.e. K E = K D Examples: Block Ciphers : DES, AES, PRESENT, etc. Stream

534 views • 40 slides
Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers

Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers

06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 2 October, 2012 Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers DES II.

588 views • 10 slides
B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

1 B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a) Fundamentals 3 B.1 Definition A mapping Enc: P K C for which k := Enc( ,k): P C is bijective for each k K is called an

1.1k views • 32 slides
Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science

Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science

Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Definition of Symmetric Types of Symmetric Key ciphers

452 views • 23 slides
Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers &amp;

Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers &amp;

CS 166: Information Security Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers &amp; Block Ciphers Stream ciphers based on the one-time pad Block ciphers based on codebook ciphers Symmetric

650 views • 52 slides
Contents Introduction Classification of Symmetric Ciphers Types of Attacks

Contents Introduction Classification of Symmetric Ciphers Types of Attacks

Contents Introduction Classification of Symmetric Ciphers Types of Attacks Properties of Secure Ciphers Components of Block Ciphers Classes of Block Ciphers DES AES Secure Communication using

606 views • 27 slides
B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers

B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers

1 B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers Normally, stream ciphers are symmetric algorithms with encryption = decryption In this course we only consider symmetric stream ciphers.

828 views • 44 slides
RSA and Public Key Cryptography Chester Rebeiro IIT Madras CR CR STINSON : chapter 5, 6

RSA and Public Key Cryptography Chester Rebeiro IIT Madras CR CR STINSON : chapter 5, 6

RSA and Public Key Cryptography Chester Rebeiro IIT Madras CR CR STINSON : chapter 5, 6 Ciphers Symmetric Algorithms EncrypAon and DecrypAon use the same key i.e. K E = K D Examples: Block Ciphers : DES, AES, PRESENT, etc.

1.26k views • 114 slides
Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and

Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and

Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and their applications are the primary focus

521 views • 5 slides
The One Time Pad Dan Boneh Symmetric Ciphers: definition Def: a cipher defined over is a pair

The One Time Pad Dan Boneh Symmetric Ciphers: definition Def: a cipher defined over is a pair

Online Cryptography Course Dan Boneh Stream ciphers The One Time Pad Dan Boneh Symmetric Ciphers: definition Def: a cipher defined over is a pair of efficient algs ( E , D ) where E is often

880 views • 83 slides
RSA and Public Key Cryptography Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter

RSA and Public Key Cryptography Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter

RSA and Public Key Cryptography Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 5, 6 Ciphers Symmetric Algorithms Encryption and Decryption use the same key i.e. K E = K D Examples: Block Ciphers : DES, AES,

1.19k views • 104 slides
Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Sren

Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Sren

Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Sren Rinne, Thomas Eisenbarth, and Christof Paar Horst Grtz Institute for IT Security Ruhr-Universitt Bochum, Germany 11.06.2007 SPEED Workshop,

469 views • 18 slides
Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm,

Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm,

Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm, Fri 11am and one exercise

239 views • 12 slides
Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Chapter 9 from Computer Science: Art and

882 views • 62 slides
Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Chapter 9 from Computer Science: Art and

794 views • 62 slides
Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified

Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified

Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified algorithm originally designed for the NSA-sponsored Clipper chip declassified in 1998 32 rounds, breakable with 31 rounds 80 bit key, inadequate

464 views • 12 slides
Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and Differential Cryptanalysis by Howard Heys.] Modern block ciphers (like DES and AES): - proceed in rounds - each round has its own round key or subkey

644 views • 21 slides
CSCI E-170 Lecture 03: Hash functions and Symmetric Ciphers Simson L. Garfinkel Center for

CSCI E-170 Lecture 03: Hash functions and Symmetric Ciphers Simson L. Garfinkel Center for

CSCI E-170 Lecture 03: Hash functions and Symmetric Ciphers Simson L. Garfinkel Center for Research on Computation and Society Harvard University October 3, 2005 1 Administrivia 1. LiveJournal everybody okay? 2. HW1 Checkpoint 3.

450 views • 42 slides
Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation Introduction to Computer Security Announcements Cryptography, symmetric and public-key Hash functions and MACs Stephen McCamant Building a secure

440 views • 11 slides
Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world crypto and privacy Sibenik, Croatia - June 11 2018 Outline Introduction One Time pad - Stream Ciphers Block Ciphers -

1.17k views • 82 slides
Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2 . . . M N . Then, each block M i is encrypted to the

1.11k views • 63 slides
One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers

One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers

One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers Encryption Modes Encryption Modes Shift Cipher Brute%force attack can easily break Ahmet Burak Can Substitution Cipher Hacettepe University

191 views • 6 slides
The One Time Pad Dan Boneh Symmetric Ciphers: defini&lt;on

The One Time Pad Dan Boneh Symmetric Ciphers: defini&lt;on

Online Cryptography Course

249 views • 14 slides

More recommend