permutation based symmetric cryptography and keccak
play

Permutation-based symmetric cryptography and Keccak Joan Daemen 1 - PowerPoint PPT Presentation

Dec 22, 2022 •167 likes •695 views

. .. . .. . . .. . . .. . . .. . . . .. . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based symmetric cryptography and Keccak Joan Daemen 1 joint work with . .. . . . . .. .

  1. . .. . .. . . .. . . .. . . .. . . . .. . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based symmetric cryptography and Keccak Joan Daemen 1 joint work with . .. . . . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. Ecrypt II, Crypto for 2020, Tenerife, January 22 to 24, 2013 Guido Bertoni 1 , Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors

  2. . . . . .. . . .. . . .. . . .. . . .. .. . . 3 6 Keccak 5 Requirements for the permutation 4 On the efficiency of permutation-based cryptography Permutation-based cryptography .. 2 Mainstream symmetric cryptography 1 Outline Mainstream symmetric cryptography Permutation-based symmetric cryptography and Keccak . . .. .. .. .. . . .. . . . . . .. . . .. . . . .. . . . .. . . .. . .. . . . .. . . .. . Conclusions

  3. . .. .. . . .. . . . . . .. . . .. . . .. .. Block ciphers Keyed: MAC functions Non-keyed Hash functions Self-synchronizing Synchronous Stream ciphers Symmetric cryptographic primitives: . Symmetric crypto: what textbooks and intro’s say Mainstream symmetric cryptography Permutation-based symmetric cryptography and Keccak . .. . . . .. . . . .. . . .. . . .. . . .. . . .. . . .. .. . . .. . . . .. . .. . . .. . . And their modes-of-use

  4. . . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography The hash function cliché .. . .. . . . .. . . .. . . .. . . .. . .. .. . . .. . . .. . . .. . . .. . . Hash functions:

  5. . . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography The hash function cliché Hash functions: .. . .. . . . .. . . .. . . .. . . .. . .. .. . . .. . . .. . . .. . . .. . . But MD5, SHA-1, etc.: just block ciphers in some mode

  6. . .. . . .. . . .. . . .. . . .. . . . . You can do everything with a block cipher Hashing and its modes HMAC, MGF1, … MAC computation: CBC-MAC, C-MAC, … self-synchronizing: CFB synchronous: counter mode, OFB, … Stream encryption: Block encryption: ECB, CBC, … Mainstream symmetric cryptography . Permutation-based symmetric cryptography and Keccak . .. . . .. .. . .. . . . .. . . .. . . .. . . .. . . .. . .. . . . .. . . .. . .. .. . . .. . . Authenticated encryption: OCB, GCM, CCM …

  7. . . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography Seems like this is closer to the truth nowadays .. . .. . . . .. . . .. . . .. . . .. . .. .. . . .. . . .. . . .. . . .. . . Block cipher:

  8. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Block cipher operation

  9. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Block cipher operation: the inverse

  10. . .. .. . . .. . . . . . .. . . .. . . .. .. Block encryption: ECB, CBC, … Most schemes with misuse-resistant claims Authenticated encryption: OCB, GCM, CCM … MAC computation: CBC-MAC, C-MAC, … self-synchronizing: CFB synchronous: counter mode, OFB, … Stream encryption: Hashing and its modes HMAC, MGF1, … . Indicated in red: When do you need the inverse? Mainstream symmetric cryptography Permutation-based symmetric cryptography and Keccak . .. . . . .. . . . .. . . .. . . .. . . .. . . .. . . .. .. . . .. . . . .. . .. . . .. . . So for most uses you don’t need the inverse!

  11. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Internals of a typical block cipher

  12. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Hashing use case: Davies-Meyer compression function

  13. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Removing unnecessary diffusion restriction

  14. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Mainstream symmetric cryptography . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Simplifying the view: iterated permutation

  15. . .. .. . . .. . . . . . .. . . .. . . .. .. Hashing and its modes HMAC, MGF1, … Authenticated encryption: OCB, GCM, CCM … MAC computation: CBC-MAC, C-MAC, … self-synchronizing: CFB synchronous: counter mode, OFB, … Stream encryption: Block encryption: ECB, CBC, … In all modes but those in red: . Where can you plug in a permutation? Mainstream symmetric cryptography Permutation-based symmetric cryptography and Keccak . .. . . . .. . . . .. . . .. . . .. . . .. . . .. . . .. .. . . .. . . . .. . .. . . .. . . But also nice opportunity to clean up the modes!

  16. . . . . .. . . .. . . .. . . .. . . .. .. . . 3 6 Keccak 5 Requirements for the permutation 4 On the efficiency of permutation-based cryptography Permutation-based cryptography .. 2 Mainstream symmetric cryptography 1 Outline Permutation-based cryptography Permutation-based symmetric cryptography and Keccak . . .. .. .. .. . . .. . . . . . .. . . .. . . . .. . . . .. . . .. . .. . . . .. . . .. . Conclusions

  17. . . . . .. . . .. . . .. . . .. . .. .. . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based cryptography The sponge construction efficiency: processes r bits per call to f .. . . .. . . .. . . .. . . .. . . .. . . .. . . . .. . . .. . . .. . . .. . Flexibility in trading rate r for capacity c or vice versa f : a b -bit permutation with b = r + c security: provably resists generic attacks up to 2 c / 2

  18. . . . . .. . . .. . . .. . . .. . . .. .. . . Security for a specific choice of f Hermetic Sponge Strategy tight claim: no attacks better than generic attacks Security claim: target for attacks assurance by absence of attacks despite public scrutiny design f with attacks in mind security proof is infeasible limitation: inner collisions in c -bit inner part .. tight: as sound as theoretically possible assuming f has been chosen randomly Proof of security against generic attacks: What can we say about sponge security Permutation-based cryptography Permutation-based symmetric cryptography and Keccak . . .. .. .. .. . . .. . . . . . .. . . .. . . . .. . . . .. . . .. . .. . . . .. . . .. . weaker claims relax conditions on f

  19. . . .. . . .. . . .. . . .. . . .. . .. . . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based cryptography Regular hashing Pre-sponge permutation-based hash functions Truncated permutation as compression function: Snefru [Merkle ’90] , FFT-Hash [Schnorr ’90] , …MD6 [Rivest et al. 2007] Streaming-mode: Subterranean , Panama , RadioGatún , . .. .. .. . . .. . . .. . . .. . . .. . . . . . . .. . . .. . . .. . . .. . . .. , Thomsen, 2007] , … Grindahl [Knudsen, Rechberger

  20. . . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based cryptography Message authentication codes Pre-sponge (partially) permutation-based MAC function: .. . .. . . . .. . . .. . . .. . . .. . .. .. . . .. . . .. . . .. . . .. . . Pelican-MAC [Daemen, Rijmen 2005]

  21. . . .. . . .. . . .. . . .. . . .. . .. . . . .. . . .. . Permutation-based symmetric cryptography and Keccak Permutation-based cryptography Stream encryption Similar to block cipher modes: Long keystream per IV: like OFB Short keystream per IV: like counter mode Independent permutation-based stream ciphers: Salsa and . .. .. .. . . .. . . .. . . .. . . .. . . . . . . .. . . .. . .. . . . .. . . .. ChaCha [Bernstein 2007]

Recommend

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Permutation Based Cryptography for IoT Guido Bertoni 1 Joint work with CIoT 2012, Antwerp,

Permutation Based Cryptography for IoT Guido Bertoni 1 Joint work with CIoT 2012, Antwerp,

. . . . . . Permutation Based Cryptography for IoT Permutation Based Cryptography for IoT Guido Bertoni 1 Joint work with CIoT 2012, Antwerp, November 21 Joan Daemen 1 , Michal Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP

755 views • 41 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan Daemen 1 , Michal Peeters 2 , and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. While mainstream symmetric cryptography has

519 views • 12 slides
Key Wrapping with the Keccak Permutation Dmitry Khovratovich University of Luxembourg 17 January

Key Wrapping with the Keccak Permutation Dmitry Khovratovich University of Luxembourg 17 January

Key Wrapping with the Keccak Permutation Dmitry Khovratovich University of Luxembourg 17 January 2013 Key Wrapping Key wrap problem Multi-user system (e.g., industrial VPN): Many keys in use; Need of regular update; New session key

578 views • 29 slides
Innovations in symmetric cryptography Joan Daemen STMicroelectronics, Belgium SSTIC, Rennes, June

Innovations in symmetric cryptography Joan Daemen STMicroelectronics, Belgium SSTIC, Rennes, June

Innovations in symmetric cryptography Joan Daemen STMicroelectronics, Belgium SSTIC, Rennes, June 5, 2013 1 / 46 Outline 1 The origins 2 Early work 3 Rijndael 4 The sponge construction and Keccak 5 Conclusions 2 / 46 The origins

762 views • 59 slides
Permutation-based cryptography for the Internet of Things Gilles Van Assche 1 1 STMicroelectronics

Permutation-based cryptography for the Internet of Things Gilles Van Assche 1 1 STMicroelectronics

Permutation-based cryptography for the Internet of Things Gilles Van Assche 1 1 STMicroelectronics 2 Radboud University RIOT Summit 2017 Berlin, September 25-26, 2017 1 / 56 Joint work with Guido Bertoni, Joan Daemen 1 , 2 , Seth Hoffert,

871 views • 65 slides
New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu

New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu

New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu Nanyang Technological University, Singapore Shanghai Jiao Tong University, China 3-Round Di ff erential Trail Core Search of Keccak Permutation 1 / 21

392 views • 21 slides
SHA-3 and permutation-based cryptography Joan Daemen 1 Joint work with Crypto summer school

SHA-3 and permutation-based cryptography Joan Daemen 1 Joint work with Crypto summer school

SHA-3 and permutation-based cryptography Joan Daemen 1 Joint work with Crypto summer school ibenik, Croatia, June 1-6, 2014 1 / 49 Guido Bertoni 1 , Michal Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Outline

682 views • 56 slides
The State of the Art in Symmetric Lightweight Cryptography Lo Perrin Based on a joint work

The State of the Art in Symmetric Lightweight Cryptography Lo Perrin Based on a joint work

The State of the Art in Symmetric Lightweight Cryptography Lo Perrin Based on a joint work with Alex Biryukov November 18, 2017 Cryptacus Workshop Taken from a document writen originally in English. The programming of billions of processors

903 views • 75 slides
Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography

Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography

Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography SHA-1 SHA-3 (Keccak) Hash Functions, SHA-3, Message Authentication Codes 2 Sponge Construction Keccak Overview Renate Scheidler Keccak

888 views • 14 slides
Keccak From: 1.The Keccak reference 2. Keccak and the SHA-3 Standardization written by ! Guido

Keccak From: 1.The Keccak reference 2. Keccak and the SHA-3 Standardization written by ! Guido

Keccak From: 1.The Keccak reference 2. Keccak and the SHA-3 Standardization written by ! Guido Bertoni (STMicroelectronics) , ! Joan Daemen (STMicroelectronics) , ! Michal Peeters (NXP Semiconductors) , ! Gilles Van Assche

488 views • 26 slides
Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to Symmetric Cryptography What is cryptography? Cryptography is communication in the presence of an adversary Ron Rivest. Coding theory Detection and

877 views • 28 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security January 26, 2005 Lecture 5 Lecture 5 Page 1 Page 2 CS 239, Winter 2005 CS 239,

321 views • 13 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security February 5, 2003 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2003 CS 239,

263 views • 11 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
Keccak Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2

Keccak Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2

Keccak Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Eurocrypt 2013 Athens, Greece, May 28th, 2013 1 / 57 Symmetric crypto: what textbooks and intros say Symmetric

915 views • 67 slides
Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein University of Illinois at Chicago, Technische Universiteit Eindhoven CHES 2012 paper Practical leakage-resilient symmetric cryptography (Faust,

669 views • 30 slides
Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System

Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System

Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System Symmetric Key System a shared symmetric key Examples: DES IDEA RC4 AES Examples: DES, IDEA, RC4, AES Asymmetric Key System y y y a pair

661 views • 38 slides
Homomorphisms on Noncommutative Symmetric Functions and Permutation Enumeration Yan Zhuang

Homomorphisms on Noncommutative Symmetric Functions and Permutation Enumeration Yan Zhuang

Introduction Three Basic Homomorphisms Homomorphisms from Shuffle-Compatibility Homomorphisms on Noncommutative Symmetric Functions and Permutation Enumeration Yan Zhuang Department of Mathematics and Computer Science Davidson College July

643 views • 50 slides
CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

527 views • 26 slides
Quantum-secure symmetric-key cryptography based on Hidden Shifts Gorjan Alagic Alexander Russell

Quantum-secure symmetric-key cryptography based on Hidden Shifts Gorjan Alagic Alexander Russell

Quantum-secure symmetric-key cryptography based on Hidden Shifts Gorjan Alagic Alexander Russell QMATH, Department of Mathematical Sciences Department of Computer Science & Engineering University of Copenhagen University of Connecticut

418 views • 21 slides
Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens Hermans KU Leuven/COSIC Cryptology: basic principles Eve Alice Bob CRYP CRYP Clear Clear %^C& %^C& TOB TOB @&^( @&^(

1.32k views • 119 slides
Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key Cryptography Security Requirements Advantages Modes of Use Diffie-Hellman Key Exchange RSA Cryptosystem ElGamal

584 views • 32 slides

More recommend