Lecture 3 Encryption Suggested Readings: • Chs 3 & 4 in KPS (recommended) • Ch 3 in Stinson (optional) 1
Encryp Enc yption n Princ ncipl ples • A cryptosystem has (at least) five ingredients: – Plaintext – Secret Key – Ciphertext – Encryption Algorithm – Decryption Algorithm • Security usually depends on the secrecy of the key, not the secrecy of the algorithms 2
Cr Cryp ypto Ba Basi sics 3
Average Ti Time Required fo for Exha Exhaus ustive Ke Key Sear earch (f (for Bru Brute Fo Force Atta ttacks) ) Key Size Number of Time required at 10 6 (bits) Alternative Keys Decr/µs 2 32 = 4.3 x 10 9 32 2.15 milliseconds 2 56 = 7.2 x 10 16 56 10 hours 128 2 128 = 3.4 x 10 38 5.4 x 10 18 years 168 2 168 = 3.7 x 10 50 5.9 x 10 30 years 4
Ty Types of Attainable Security • Perfect, unconditional or “information theoretic”: the security is evident free of any (computational/hardness) assumptions • Reducible or “provable”: security can be shown to be based on some common (often unproven) assumptions, e.g., the conjectured difficulty of factoring large integers • Ad hoc: the security seems good often -> “snake oil”… Take a look at: http://www.ciphersbyritter.com/GLOSSARY.HTM 5
Comp Co mputational Se Securi rity • Encryption scheme is computationally secure if – cost of breaking it (via brute force) exceeds the value of the encrypted information; or – time required to break it exceeds useful lifetime of the encrypted information • Most modern schemes we will see are considered computationally secure – Usually rely on very large key-space, impregnable to brute force • Most advanced schemes rely on lack of knowledge of effective algorithms for certain hard problems, not on a proven inexistence of such algorithms (reducible security)! – Such as: factoring, discrete logarithms, etc. 6
Cr Cryp yptosystems ms Classified along three dimensions: • Type of operations used for transforming plaintext into ciphertext – Binary arithmetic: shifts, XORs, ANDs, etc. • Typical for conventional (or symmetric) encryption – Integer arithmetic • Typical for public key (or asymmetric) encryption • Number of keys used – Symmetric or conventional (single key used) – Asymmetric or public key (2 keys: 1 to encrypt, 1 to decrypt) • How plaintext is processed: – One bit at a time – A string of any length – A block of bits 7
Co Conventional (S (Symme ymmetri ric) ) Cr Cryp yptography K AB K AB decryption encryption ciphertext plaintext plaintext algorithm algorithm m m = K ( ) K (m) K (m) AB AB AB • Alice and Bob share a key K AB which they somehow agree upon (how?) • key distribution / key management problem • ciphertext is roughly as long as plaintext • examples: Substitution, Vernam OTP, DES, AES 8
Us Uses es of Conven entio tional al Cryptograp aphy • Message Transmission (confidentiality): • Communication over insecure channels • Secure Storage: crypt on Unix • Strong Authentication: proving knowledge of a secret without revealing it: • See next slide • Eve can obtain chosen <plaintext, ciphertext> pair • Challenge should be chosen from a large pool • Integrity Checking: fixed-length checksum for message via secret key cryptography • Send MAC along with the message MAC=H(m,K) 9
Challenge-Re Ch Response Authentication Ex Exampl ple K AB K AB r a challenge K AB (r a ) challenge reply r b challenge K AB (r b ) challenge reply 10
Co Conventional Cr Cryp yptography Ø Advantages l high data throughput l relatively short key size l primitives to construct various cryptographic mechanisms Ø Disadvantages l key must remain secret at both ends l key must be distributed securely and efficiently l relatively short key lifetime 11
Public Key Crypto Pu tography • Asymmetric Cryptography • Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir-Adleman) • Two keys: private (SK), public (PK) • Encryption: with public key; • Decryption: with private key • Digital Signatures: Signing by private key; Verification by public key. i.e., “encrypt” message digest/hash -- h ( m ) -- with private key • Authorship (authentication) • Integrity: Similar to MAC • Non-repudiation: cannot do with secret key cryptography • Much slower (~1000x) than conventional cryptography • Often used together with conventional cryptography, e.g., to encrypt session keys 12
Ge Genesis is of of P Public Ke Key Cryptography: Dif Diffie ie- Hellm Hellman an Paper aper 13
Public Key Crypto Pu tography Bob’s public key Bob’s private key PK B SK B encryption decryption plaintext ciphertext plaintext algorithm algorithm message, m message PK (m) B m = SK ( PK (m) ) B B 14
Us Uses es of Public lic Key Cryptograp aphy • Data Transmission (confidentiality): • Alice encrypts m a using PK B , Bob decrypts it to obtain m a using SK b . • Secure Storage: encrypt with own public key, later decrypt with own private key • Authentication: • No need to store secret s , only need public keys. • Secret key cryptography: need to share secret key for every person one communicates with • Digital Signatures (authentication, integrity, non- repudiation) 15
Pu Public Key Crypto tography Ø Advantages l only the private key must be kept secret l relatively long life time of the key l more security services l relatively efficient digital signatures mechanisms Ø Disadvantages l low data throughput l much larger key sizes l distribution/revocation of public keys l security based on conjectured hardness of certain computational problems 16
Co Comp mpari riso son Su Summa mmary Ø Public Key l Encryption, signatures (esp., non-repudiation) and key management Ø Conventional l Encryption and some data integrity applications Ø Key Sizes l Keys in public key crypto must be larger ( e.g., 2048 bits for RSA ) than those in conventional crypto ( e.g., 112 bits for 3-DES or 256 bits for AES ) • most attacks on “good” conventional cryptosystems are exhaustive key search (brute force) • public key cryptosystems are subject to “short-cut” attacks (e.g., factoring large numbers in RSA) 17
“M “Moder dern” n” Block Cipher phers Da Data E a Encr cryptio ion S Stan andar ard ( (DE DES)
Ge Generic ic Ex Exampl mple of of Block k Encryp yption 20
Fe Feistel Ci Cipher St Stru ructure • Virtually all conventional block encryption algorithms, including DES, have a structure first described by Horst Feistel of IBM in 1973 • Specific realization of a Feistel Network depends on the choice of the following parameters and features: 20
Fe Feistel Ci Cipher St Stru ructure • Block Size: larger block sizes mean greater security • Key Size: larger key size means greater security • Number of Rounds: multiple rounds offer increasing security • Subkey Generation Algorithm: greater complexity will lead to greater difficulty of cryptanalysis • Fast Software En/De-cryption: speed of execution of the algorithm becomes a concern 21
Cl Classi ssic Fe Feistel Ne Network “Round Keys” are generated from original key via subkey generation algorithm 22
Bl Block k Ci Ciphers • Originated with early 1970's IBM effort to develop banking security systems • First result was Lucifer, most common variant has 128- bit key and block size • Was not secure in any of its variants • Called a Feistel or product cipher • F()-function is a simple transformation, does not have to be reversible • Each step is called a round; the more rounds, the greater the security (to a point) • Most famous example of this design is DES 23
Co Conventional Enc Encryp yption St Standard • Data Encryption Standard (DES) • Most widely used encryption method (AES is probably taking over by now) • Block cipher (in native ECB mode) • Plaintext processed in 64-bit blocks • Key is 56 bits 24
Data Da a Enc Encryp yption St Standard (DES) S) • 64 bit input block • 64 bit output block • 16 rounds • 64 (effective 56) bit key • Key schedule computed at startup • Aimed at bulk data • > 16 rounds does not help • > 56 bit key does not help • Other S-boxes usually hurt … 25
Ba Basi sic St Stru ructure of of DE DES 26
Enc Encryp yption vs vs De Decr cryptio ion in in DE DES 27
DES S DE System Encryption Process Key Schedule 64 Bit Plaintext 64 Bit Key Initial Permutation Permutation Choice 1 Building 32 Bit L 0 32 Bit R 0 56 Bit Key Blocks + F(R 0 ,K 1 ) 28 Bit C 0 28 Bit D 0 Left Shift Right Shift 32 Bit L 1 32 Bit R 1 K 1 (48 bits) C 1 D 1 32 Bit L 15 32 Bit R 15 Permuted Choice 2 + F(R 15 ,K 16 ) C 16 D 16 K 16 (48 bits) 32 Bit L 16 32 Bit R 16 Permuted Choice 2 Final Permutation 64 Bit Ciphertext 27
Functio Func tion n F L i-1 R i-1 32 bits 32 bits 56 bits Key Permuted Choice Expansion (E) 48 bits Permutation 48 bits S-Box Substitution choses 32 bits P-box Permutation L i R i 32 bits 32 bits 28
DE DES S Substit itutio ion B Boxes O Operatio ion 30 29
Op Operation Tables s of f DES (I (IP, , IP -1 , , E E and P) 31 30
32 31
33 32
Recommend
More recommend
