symmetric key ciphers
play

Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor - PDF document

Mar 25, 2023 •203 likes •452 views

Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Definition of Symmetric Types of Symmetric Key ciphers

  1. Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives • Definition of Symmetric Types of Symmetric Key ciphers – Modern Block Ciphers • Full Size and Partial Size Key Ciphers • Components of a Modern Block Cipher – PBox (Permutation Box) – SBox (Substitution Box) – Swap – Properties of the Exclusive OR operation • Diffusion and Confusion • Types of Block Ciphers: Feistel and non-Feistel ciphers D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 1

  2. Symmetric Key Setting Communication Message Message Channel E D K a K b Bob Alice Assumptions Eve K a is the encryption key, K b is the decryption key. For symmetric key ciphers, K a =K b - Only Alice and Bob knows K a (or K b ) - Eve has access to E, D and the Communication Channel but does not know the key K a (or K b ) Types of symmetric key ciphers • Block Ciphers: Symmetric key ciphers, where a block of data is encrypted • Stream Ciphers: Symmetric key ciphers, where block size=1 D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 2

  3. Block Ciphers Block Cipher • A symmetric key modern cipher encrypts an n bit block of plaintext or decrypts an n bit block of ciphertext. • Padding: – If the message has fewer than n bits, padding must be done to make it n bits. – If the message size is not a multiple of n, then it should be divided into n bit blocks and the last block should be padded. D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 3

  4. Full Size Key Ciphers • Transposition Ciphers: – Involves rearrangement of bits, without changing value. – Consider an n bit cipher – How many such rearrangements are possible? • n! – How many key bits are necessary? • ceil[log 2 (n!)] Full Size Key Ciphers • Substitution Ciphers: – It does not transpose bits, but substitutes values – Can we model this as a permutation? – Yes. The n bit inputs and outputs can be represented as 2 n bit sequences, with one 1 and the rest 0’s. This can be thus modeled as a transposition. – Thus it is a permutation of 2 n values, thus needs ceil[log 2 (2 n !)] bits. D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 4

  5. Examples • Consider a 3-bit block ciphers. How many bits are needed for the full-size key? – Transposition cipher: ceil(log 2 6)=3 bits. – Substitution cipher: • There are 8!=40,320 possible substitutions • Thus there are ceil(log 2 (40,320))=16 bits – Lots of unused key. Permutation Group • The fact that the full-size key transposition or substitution cipher is a permutation shows cascading is not of use. • This is because permutation forms a group under the composition operation. • Multiple applications of the ciphers has the same effect as a single application of the transformation. D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 5

  6. Partial-Size Key Ciphers • Actual ciphers cannot use full size keys, as the size is large. • Block ciphers are substitution ciphers (and not transpositions). Why? • Consider DES, with 64 bit block cipher. – Size of full key= ceil(log 2 (2 64 !)) ≈ 2 70 – Much large compared to 56 bits which is actually used. Is the partial-key cipher a group? • Important, because if yes then again multiple applications of the cipher is useless. • A partial-key cipher is a group if it is a subgroup of the corresponding full key cipher. • It has been proved that the multi-stage DES with a 56 bit key is not a group because no subgroup with 2 56 mappings can be created from the corresponding group with 2 64 ! mappings D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 6

  7. Components of a Modern Block Cipher • Most important components: – PBox: It is a key-less fixed transposition cipher – SBox: It is a key-less fixed substitution cipher • They are used to provide: – Diffusion: it hides the relationship between the ciphertext and the plaintext – Confusion: it hides the relationship between the ciphertext and the key Principle of Confusion and Diffusion • The design principles of Block Cipher depends on these properties • The S-Box is used to provide confusion , as it is dependent on the unknown key • The P-Box is fixed, and there is no confusion due to it • But it provides diffusion • Properly combining these is necessary. D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 7

  8. Diffusion (P) Boxes • Straight Boxes 01 15 02 13 06 17 03 19 09 04 21 11 Example 24x24 Box 14 05 12 16 18 07 24 10 23 08 22 20 • Expansion Boxes Example 01 03 02 01 06 17 03 07 09 04 09 11 12x24 Box 02 05 12 04 06 07 12 10 11 08 10 08 • Compression Boxes Example 01 15 02 13 06 17 03 19 09 04 21 11 24x12 Box SBox An SBox (substitution box) is an mxn substitution box, where m and n are not necessarily same. Each output bit is a Boolean function of the inputs. = ( , ,..., ) y f x x x 1 1 1 2 n = ( , ,..., ) y f x x x 2 2 1 2 n ... = ( , ,..., ) y f x x x 1 2 m m n D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 8

  9. Non-linear SBox = ⊕ ⊕ ⊕ ... y a x a x a x 1 11 1 12 2 1 n n = ⊕ ⊕ ⊕ ... y a x a x a x 2 21 1 22 2 2 n n ... = ⊕ ⊕ ⊕ ... y a x a x a x 1 1 2 2 m m m mn n In a non-linear S-Box, each of the elements cannot be expressed as above. Eg. = ⊕ = ⊕ , y x x x y x x x 1 1 3 2 2 1 2 3 Other Components • Circular Shift: – It shifts each bit in an n-bit word k positions to the left. The leftmost k bits become the rightmost bits. – Invertible Transformation • Swap: – A special type of shift operation where k=n/2 • Other operations involve split and combine. • An important component is exclusive-or operation D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 9

  10. Properties of Exor Ex-or is a binary operator, which results in 1 when both the inputs have a different logic. Otherwise , it computes 0 . ⊕ Symbol: Closure: Result of exoring two n bit number s is also n bit s. ⊕ Associati vity : Allows to use more than one ' 's in any order: ⊕ ⊕ = ⊕ ⊕ ( ) ( ) x y z x y z ⊕ = ⊕ Commutavity: x y y x Identity: The identity element is the n bit 0, represented by (00...0)=0 n ⊕ = Thus , 0 n x x In verse: Each word is the additive inverse of itself. ⊕ = Th us, 0 n x x Application of Ex-or Key + + Encryption Decryption • The key is known to both the encryptor and decryptor and helps to recover the plaintext. D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 10

  11. A product cipher made of 2 rounds 8 bit plaintext Key Scheduling Algorithm Key Mixer (whitener) K 1 Sbox Sbox Sbox Sbox K 1 2 3 4 8-bit middle text Key Mixer (whitener) K 2 Sbox Sbox Sbox Sbox 1 2 3 4 8 bit ciphertext Diffusion and Confusion 8 bit plaintext + K 1 bit 8 Sbox 4 2 4 + + K 2 bit 2, 4 Sbox Sbox 1 2 1 3 6 7 D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 11

  12. Practical Ciphers • Large data blocks • More S-Boxes • More rounds • These help to improve the diffusion and confusion in the cipher. Two classes of product ciphers • Feistel Ciphers, example DES (Data Encryption Standard) • Non-Feistel Ciphers (Substitution Permutation Networks), example AES (Advanced Encryption System) D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 12

  13. Feistel Cipher • Feistel cipher refers to a type of block cipher design, not a specific cipher • Split plaintext block into left and right halves: Plaintext = (L 0 ,R 0 ) • For each round i=1,2,...,n , compute L i = R i-1 R i = L i-1 ⊕ f(R i-1 ,K i ) where f is round function and K i is subkey • Ciphertext = (L n ,R n ) Feistel Permutation • Decryption: Ciphertext = (L n ,R n ) • For each round i=n,n-1,…,1 , compute R i-1 = L i L i-1 = R i ⊕ f(R i-1 ,K i ) where f is round function and K i is subkey • Plaintext = (L 0 ,R 0 ) • Formula “works” for any function F • But only secure for certain functions F D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 13

  14. Encryption Repeating/ Iterating this transformation we obtain the Feistel Cipher key L R 32 28 28 One expand shift shift 48 28 28 32 Round K i ⊕ 48 compress 48 of S-boxes DES 28 28 32 P box Function f 32 32 Note that the design of DES ⊕ is reduced to 32 the design of f, key which works L R on shorter lengths D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 14

  15. Non-Feistel Ciphers • Composed of only invertible components. • Input to round function consists of key and the output of previous round • These functions are obtained by the repeated application of Substitution (invertible SBoxes) and Permutation. • Thus they are called Substitution Permutation Networks (SPN). Further Reading • C. E. Shannon, Communication Theory of Secrecy Systems. Bell Systems Technical Journal, 28(1949), 656-715 • B. A Forouzan, Cryptography & Network Security, Tata Mc Graw Hills, Chapter 5 • Douglas Stinson, Cryptography Theory and Practice, 2 nd Edition , Chapman & Hall/CRC D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 15

Recommend

Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Organisation Organisation Overview Block Ciphers Overview Block Ciphers Historic Ciphers Security of Block ciphers Historic Ciphers Security of Block ciphers Symmetric Ciphers Symmetric Ciphers Assume encryption and decryption use the

425 views • 5 slides
Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers

Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers

06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 2 October, 2012 Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers DES II.

588 views • 10 slides
B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

1 B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a) Fundamentals 3 B.1 Definition A mapping Enc: P K C for which k := Enc( ,k): P C is bijective for each k K is called an

1.1k views • 32 slides
Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers &

Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers &

CS 166: Information Security Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers & Block Ciphers Stream ciphers based on the one-time pad Block ciphers based on codebook ciphers Symmetric

650 views • 52 slides
Contents Introduction Classification of Symmetric Ciphers Types of Attacks

Contents Introduction Classification of Symmetric Ciphers Types of Attacks

Contents Introduction Classification of Symmetric Ciphers Types of Attacks Properties of Secure Ciphers Components of Block Ciphers Classes of Block Ciphers DES AES Secure Communication using

606 views • 27 slides
B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers

B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers

1 B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers Normally, stream ciphers are symmetric algorithms with encryption = decryption In this course we only consider symmetric stream ciphers.

828 views • 44 slides
Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and

Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and

Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and their applications are the primary focus

521 views • 5 slides
Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric

Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric

Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric Algorithms Encryption and Decryption use the same key i.e. K E = K D Examples: Block Ciphers : DES, AES, PRESENT, etc. Stream

534 views • 40 slides
The One Time Pad Dan Boneh Symmetric Ciphers: definition Def: a cipher defined over is a pair

The One Time Pad Dan Boneh Symmetric Ciphers: definition Def: a cipher defined over is a pair

Online Cryptography Course Dan Boneh Stream ciphers The One Time Pad Dan Boneh Symmetric Ciphers: definition Def: a cipher defined over is a pair of efficient algs ( E , D ) where E is often

880 views • 83 slides
Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm,

Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm,

Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm, Fri 11am and one exercise

239 views • 12 slides
Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified

Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified

Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified algorithm originally designed for the NSA-sponsored Clipper chip declassified in 1998 32 rounds, breakable with 31 rounds 80 bit key, inadequate

464 views • 12 slides
Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and Differential Cryptanalysis by Howard Heys.] Modern block ciphers (like DES and AES): - proceed in rounds - each round has its own round key or subkey

644 views • 21 slides
CSCI E-170 Lecture 03: Hash functions and Symmetric Ciphers Simson L. Garfinkel Center for

CSCI E-170 Lecture 03: Hash functions and Symmetric Ciphers Simson L. Garfinkel Center for

CSCI E-170 Lecture 03: Hash functions and Symmetric Ciphers Simson L. Garfinkel Center for Research on Computation and Society Harvard University October 3, 2005 1 Administrivia 1. LiveJournal everybody okay? 2. HW1 Checkpoint 3.

450 views • 42 slides
Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation Introduction to Computer Security Announcements Cryptography, symmetric and public-key Hash functions and MACs Stephen McCamant Building a secure

440 views • 11 slides
Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world crypto and privacy Sibenik, Croatia - June 11 2018 Outline Introduction One Time pad - Stream Ciphers Block Ciphers -

1.17k views • 82 slides
Chapter 6: Contemporary Symmetric Ciphers Dr. Loai Tawalbeh Computer Engineering Department

Chapter 6: Contemporary Symmetric Ciphers Dr. Loai Tawalbeh Computer Engineering Department

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Loai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Dr. Loai Tawalbeh Fall 2005 Why Triple-DES?

627 views • 14 slides
Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2 . . . M N . Then, each block M i is encrypted to the

1.11k views • 63 slides
One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers

One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers

One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers Encryption Modes Encryption Modes Shift Cipher Brute%force attack can easily break Ahmet Burak Can Substitution Cipher Hacettepe University

191 views • 6 slides
The One Time Pad Dan Boneh Symmetric Ciphers: defini<on

The One Time Pad Dan Boneh Symmetric Ciphers: defini<on

Online Cryptography Course

249 views • 14 slides
Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Chapter 9 from Computer Science: Art and

882 views • 62 slides
Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Chapter 9 from Computer Science: Art and

794 views • 62 slides
Stream Ciphers Stream Ciphers 1 Stream Ciphers Generalization of one-time pad Trade

Stream Ciphers Stream Ciphers 1 Stream Ciphers Generalization of one-time pad Trade

Stream Ciphers Stream Ciphers 1 Stream Ciphers Generalization of one-time pad Trade provable security for practicality Stream cipher is initialized with short key Key is stretched into long keystream Keystream is used like

512 views • 35 slides
Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and

Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and

CSS441 Block Ciphers Principles DES Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

788 views • 50 slides
Communication Protocols Lecture 19 TLS We saw... Symmetric-Key Components SKE, MAC Public-Key

Communication Protocols Lecture 19 TLS We saw... Symmetric-Key Components SKE, MAC Public-Key

Communication Protocols Lecture 19 TLS We saw... Symmetric-Key Components SKE, MAC Public-Key Components PKE, Digital Signatures Building blocks: Block-ciphers (AES), Hash-functions (SHA-3), Trapdoor PRG/OWP for PKE (e.g., DDH, RSA) and

444 views • 16 slides

More recommend