Symmetric Key Cryptography: Introduction to Symmetric Key Cryptography

PQCRYPTO Summer School on Post-Quantum Cryptography 2017. Stefan Kölbl, June 19th, 2017, DTU Compute, Technical University of Denmark.


  1. Symmetric Key Cryptography
     Stefan Kölbl, DTU Compute, Technical University of Denmark
     PQCRYPTO Summer School on Post-Quantum Cryptography 2017, June 19th, 2017

  2. Introduction to Symmetric Key Cryptography

  3. Where does security fail?
     • User
     • Implementation
     • Protocols
     • Cryptographic Algorithms
     Myth: "Cryptographic Algorithms are never the weakest link."

  4. Where does security fail?
     • User
     • Implementation
     • Protocols
     • Cryptographic Algorithms
     Myth: "Cryptographic Algorithms are never the weakest link."
     [Overlay: RC4. Don't blame the user!]

  5. Where does security fail?
     • User
     • Implementation
     • Protocols
     • Cryptographic Algorithms
     Myth: "Cryptographic Algorithms are never the weakest link."
     [Overlay: Heartbleed]

  6. Where does security fail?
     • User
     • Implementation
     • Protocols
     • Cryptographic Algorithms
     Myth: "Cryptographic Algorithms are never the weakest link."
     [Overlay: Drown Attack]

  7. Where does security fail?
     • User
     • Implementation
     • Protocols
     • Cryptographic Algorithms
     Myth: "Cryptographic Algorithms are never the weakest link."

  8. Hash Function MD5
     • Not collision resistant [WY05]
     • Constructing a rogue CA [Ste+09]
     Hash Function SHA-1
     • Not collision resistant [WYY05]
     • First practical collisions this year
     Stream Cipher RC4
     • Plaintext Recovery in TLS [AlF+13]
     • ...

  9. A long list...
     • MIFARE Classic (Crypto 1)
     • A5/1, A5/2
     • DECT
     • Kindle Cipher
     • Keeloq
     • ...

  10. What can we do?
      • Encryption
      • Authentication (MAC)
      • Hashing
      • Random Number Generation
      • Digital Signature Schemes
      • Key Exchange

  11. Digital Signatures
      • Hash-based Signature Schemes (MSS, XMSS [BDH11], SPHINCS [Ber+15])
      • Zero-Knowledge Proof Based (Fish [Cha+17], Picnic [Cha+17])

  12. Key Exchange with Merkle Puzzles (1978)
      • Alice prepares $m$ puzzles: $P_1, \dots, P_m$.
      • Solving a puzzle requires $n$ steps.
      • Reveals an id and key $k_{id}$.
      Alice → Bob: $P_1, \dots, P_m$
      Bob: solve $P_i$ → $id_i$, $k_i$
      Bob → Alice: $id_i$
      • Bob needs to compute $n$ steps.
      • Adversary needs to compute $mn$.
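
The Merkle puzzle exchange from slide 12, as an added example that is not part of the original slides. The puzzle format (a magic prefix plus id and key, masked with a SHAKE-256 pad keyed by a small integer) and the sizes `N` and `M` are assumptions chosen so the work gap between Bob and the eavesdropper can be measured.

```python
import hashlib
import secrets

N = 2**10            # n: weak-key space per puzzle (constructed toy value)
M = 2**6             # m: number of puzzles Alice publishes (constructed toy value)
MAGIC = b"PUZZLE::"  # 8 bytes of redundancy so a solver recognises a correct guess

def _pad(weak_key: int, length: int) -> bytes:
    """Keystream from the weak puzzle key (SHAKE-256 as a stand-in cipher)."""
    return hashlib.shake_256(weak_key.to_bytes(4, "big")).digest(length)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def alice_prepare(m: int = M, n: int = N):
    """Return (puzzles P_1..P_m to publish, Alice's private table id -> k_id)."""
    table, puzzles = {}, []
    for _ in range(m):
        pid, key = secrets.token_bytes(8), secrets.token_bytes(16)
        table[pid] = key
        body = MAGIC + pid + key
        puzzles.append(_xor(body, _pad(secrets.randbelow(n), len(body))))
    return puzzles, table

def solve(puzzle: bytes, n: int = N):
    """Brute-force one puzzle: at most n trial decryptions."""
    for guess in range(n):
        body = _xor(puzzle, _pad(guess, len(puzzle)))
        if body.startswith(MAGIC):
            return body[8:16], body[16:], guess + 1   # id, key, steps spent
    raise ValueError("no weak key opens this puzzle")

def exchange():
    puzzles, table = alice_prepare()
    pid, k_bob, bob_steps = solve(secrets.choice(puzzles))  # Bob solves one puzzle
    k_alice = table[pid]             # Bob sends id in the clear; Alice looks up k_id
    eve_steps, k_eve = 0, None       # Eve sees every puzzle and the id, not the key
    for p in puzzles:                # so she solves puzzles until the id matches
        eid, key, steps = solve(p)
        eve_steps += steps
        if eid == pid:
            k_eve = key
            break
    return k_alice, k_bob, k_eve, bob_steps, eve_steps

if __name__ == "__main__":
    ka, kb, ke, bob, eve = exchange()
    print(f"keys agree: {ka == kb}, Bob steps: {bob}, Eve steps: {eve}")
```

Bob's cost is bounded by n while the eavesdropper's is bounded by mn, so the advantage is only polynomial: the eavesdropper still recovers the key.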

  13. Note: We need a shared secret between the parties.
      [Figure: both parties hold the key K and the cipher E; the plaintext "Meet on Friday" on each side corresponds to the ciphertext "qgWqNDAdcYgmyOy" sent between them]

  14. The adversary
      • Eavesdrop on communication
      • Modify transmission
      • Delete/Insert messages
      • ...
      ...but is bound in
      • Computational power
      • Available memory
      • Time
      • Data

  15. Goals of the attacker
      • Decrypt a ciphertext
      • Forge a signature
      • Recover the secret key
      • Distinguish output
      • ...
      [Figure: the output "qgWqNDA" with two candidate sources marked "?": E applied to a Message, or Random]

  16. How do we achieve security for an algorithm?
      • Reduce security to a hard problem.
      • Make it secure against all known attacks.
      Note: We cannot prove security for a primitive.

  17. Encryption

  18. Block Ciphers
      [Figure: Plaintext → BC → Ciphertext, with Key fed into BC]
      • Encrypts blocks of fixed size $n$ with a key of size $k$.
      • Requires a mode to encrypt arbitrary messages.
      Block cipher is not an encryption scheme

  19. Ideal Block Cipher
      [Figure: mapping from Plaintexts to Ciphertexts selected by the key. Shown: K = 101010111010... Other keys: K 001111110000..., K 111111001000...]

  20. Ideal Block Cipher
      [Figure: mapping from Plaintexts to Ciphertexts selected by the key. Shown: K = 001111110000... Other keys: K 101010111010..., K 111111001000...]

  21. Ideal Block Cipher
      [Figure: mapping from Plaintexts to Ciphertexts selected by the key. Shown: K = 111111001000... Other keys: K 101010111010..., K 001111110000...]

  22. Block Ciphers
      A block cipher can be seen as a family of $2^k$ $n$-bit bijections.
      Problem: There are $2^n!$ bijections, we ideally want to choose $2^k$ uniformly at random.
      Goal: We need something efficient to mimic this behaviour.

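  23. Block Ciphers: Iterated construction
      [Figure: the block cipher BC (Plaintext, Key → Ciphertext) expanded into rounds: P → $f_1$ → $f_2$ → $f_3$ → ... → $f_r$ → C, with round keys $K_1, K_2, K_3, \dots, K_r$]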

  24. The Data Encryption Standard
      • Developed in 1970s at IBM.
      • Standardized in 1977.
      • Encrypts 64-bit blocks with 56-bit keys.
      • Feistel Network with 16 rounds.
      [Figure: Feistel network from $L_0$, $R_0$ through round functions $f_1, f_2, f_3, f_4$ to $L_4$, $R_4$]
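
An added example (not from the slides, and not DES itself) of the Feistel structure named on slide 24: a 16-round network on 64-bit blocks whose round function is a truncated hash, so it is not invertible, yet the cipher as a whole is. The key schedule and round function are assumptions made for illustration.

```python
import hashlib

ROUNDS, HALF = 16, 4   # 16 rounds on a 64-bit block (two 32-bit halves), as in DES

def round_keys(key: bytes):
    """Toy key schedule (assumption): one 8-byte subkey per round from SHA-256."""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(ROUNDS)]

def f(half: bytes, subkey: bytes) -> bytes:
    """Round function. Deliberately NOT invertible: a truncated hash output."""
    return hashlib.sha256(subkey + half).digest()[:HALF]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block: bytes, subkeys) -> bytes:
    if len(block) != 2 * HALF:
        raise ValueError("block must be 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        # (L, R) -> (R, L xor f(R, k)); f is only ever evaluated, never inverted
        left, right = right, xor(left, f(right, k))
    return right + left            # final swap makes decryption the same circuit

def encrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key))

def decrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key)[::-1])   # same network, subkeys reversed

if __name__ == "__main__":
    key, pt = b"constructed key", b"8 bytes!"      # constructed sample values
    ct = encrypt(pt, key)
    print(ct.hex(), decrypt(ct, key))
```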

  25. The Advanced Encryption Standard (AES)
      • Public Competition hosted by NIST (1997-2001)
      • Must support block size of 128 bits and key size of 128, 192 and 256 bits.
      • CAST-256
      • CRYPTON
      • DEAL
      • DFC
      • E2
      • FROG
      • HPC
      • LOKI97
      • MAGENTA
      • MARS
      • RC6
      • Rijndael
      • SAFER+
      • Serpent
      • Twofish

  27. Block Ciphers: AES/Rijndael
      • Blocksize: 128-bit
      • Keysize: 128/192/256 bits
      • Iterated block cipher with 10/12/14 rounds
      • Is part of a wide range of standards.
      • Direct support by instructions in modern CPUs.

  28. Block Ciphers: Update 4 × 4 state of bytes
      • SubBytes
      • ShiftRows
      • MixColumns
      • AddKey
      [Figure: SubBytes. The S-box S maps each state byte, e.g. $a_{1,2}$ to $b_{1,2}$; state $a_{0,0}, \dots, a_{3,3}$ becomes $b_{0,0}, \dots, b_{3,3}$]

  29. Block Ciphers: Update 4 × 4 state of bytes
      • SubBytes
      • ShiftRows
      • MixColumns
      • AddKey
      [Figure: ShiftRows on the state $a_{0,0}, \dots, a_{3,3}$. Row 0: no change; row 1: shift 1; row 2: shift 2; row 3: shift 3]

  30. Block Ciphers: Update 4 × 4 state of bytes
      • SubBytes
      • ShiftRows
      • MixColumns
      • AddKey
      [Figure: MixColumns. A column of the state, e.g. $a_{0,1}, a_{1,1}, a_{2,1}, a_{3,1}$, is mapped to $b_{0,1}, b_{1,1}, b_{2,1}, b_{3,1}$]

  31. Block Ciphers: Update 4 × 4 state of bytes
      • SubBytes
      • ShiftRows
      • MixColumns
      • AddKey
      [Figure: AddRoundKey. Each state byte $a_{i,j}$ is combined with the round key byte $k_{i,j}$ to give $b_{i,j}$, e.g. $a_{2,1}$ and $k_{2,1}$ give $b_{2,1}$]

  32. Block Ciphers: Current state of key recovery attacks for AES-128
      [Figure: attack complexities plotted over the number of rounds (axis marks: 0, 6, 7, 8, 10), labelled $2^{44}$ [Fer+00], $2^{99}$ [DFJ13], $2^{125.34}$ [BKR11], $2^{126.18}$ [BKR11]]
      There are many more attacks with different trade-offs of time/data/memory.

  33. Stream Ciphers

  34. Stream Ciphers
      [Figure: E takes Key and IV and produces the Keystream, which is combined with the Plaintext to give the Ciphertext]
      • Encrypts individual digits.
      • IV to have multiple keystreams for each K
      • Requires no padding.
      • Often used for low-bandwidth communication.

  35. Stream Ciphers: Widely found in practice
      • GSM standard (A5/1, A5/2)
      • LTE (SNOW 3G, ZUC)
      • Bluetooth (E0)
      • TLS protocol (RC4, ChaCha20)

  36. Stream Ciphers: eSTREAM Project (EU)
      Goal: ...promote the design of efficient and compact stream ciphers suitable for widespread adoption...

      Software      Hardware
      HC-128        Grain v1
      Rabbit        MICKEY 2.0
      Salsa20/12    Trivium
      SOSEMANUK

  37. Stream Ciphers: LFSR-based Constructions, e.g. A5/1
      [Figure: three shift registers with cells numbered 0 to 18, 0 to 21 and 0 to 22]
      • Load IV and Key in registers.
      • Shift registers depending on values in .
      • Produces 1-bit output in each iteration.

  38. Stream Ciphers: Counter Mode (CTR)
      Keystream:
      $\mathrm{AES}_K(N \,\|\, 0 \dots 01) \to C_0, \dots, C_{127}$
      $\mathrm{AES}_K(N \,\|\, 0 \dots 02) \to C_{128}, \dots, C_{255}$
      $\mathrm{AES}_K(N \,\|\, 0 \dots 03) \to C_{256}, \dots, C_{383}$
      …
      Note: Reusing nonce and counter gives same keystream.
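
The note on slide 38, worked through as an added example that is not part of the original slides: two messages encrypted under the same key and nonce share a keystream, so one known plaintext exposes the other, and a sender-side guard rejects the reuse. HMAC-SHA256 truncated to 16 bytes stands in for AES (an assumption, since the Python standard library has no AES); the key, nonce, messages and `NonceGuard` are constructed for the demonstration.

```python
import hashlib
import hmac

BLOCK = 16                                   # 128-bit blocks, as for AES
KEY = bytes(range(32))                       # constructed demo key
NONCE = b"\x00" * 8                          # constructed 64-bit nonce N
P1 = b"Meet on Friday at noon"               # constructed messages, equal length
P2 = b"Wire 500 EUR to Bob..."

def prf(key: bytes, block_in: bytes) -> bytes:
    """Stand-in for AES_K (assumption): HMAC-SHA256 truncated to one block."""
    return hmac.new(key, block_in, hashlib.sha256).digest()[:BLOCK]

def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 1
    while len(out) < length:                 # inputs N || 0...01, N || 0...02, ...
        out += prf(key, nonce + counter.to_bytes(BLOCK - len(nonce), "big"))
        counter += 1
    return out[:length]

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream."""
    ks = ctr_keystream(key, nonce, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))

def recover_with_known_plaintext(c1: bytes, p1: bytes, c2: bytes) -> bytes:
    """Same (key, nonce): c1 xor c2 == p1 xor p2, so knowing p1 yields p2."""
    return bytes(a ^ b ^ c for a, b, c in zip(c1, p1, c2))

class NonceGuard:
    """Sender-side check: refuse to encrypt twice under the same (key, nonce)."""
    def __init__(self, key: bytes):
        self.key, self.used = key, set()

    def encrypt(self, nonce: bytes, data: bytes) -> bytes:
        if nonce in self.used:
            raise ValueError("nonce reuse under this key")
        self.used.add(nonce)
        return ctr_xor(self.key, nonce, data)

if __name__ == "__main__":
    c1, c2 = ctr_xor(KEY, NONCE, P1), ctr_xor(KEY, NONCE, P2)
    print(recover_with_known_plaintext(c1, P1, c2))   # P2, without the key
```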

  39. Stream Ciphers: Salsa20 / ChaCha20
      • ARX-based design
      • 512-bit state
      • Uses 256-bit key
      • 20 rounds
      • Fast in software
      • ChaCha20-Poly1305 in TLS
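
What "ARX-based" means for slide 39, as an added example that is not part of the original slides: the ChaCha quarter-round uses only 32-bit addition, rotation and XOR, and 20 rounds of it over a 16-word state give one keystream block. The state layout follows RFC 8439 (32-bit counter, 96-bit nonce); the quarter-round can be checked against the test vector in RFC 8439 section 2.1.1.

```python
import struct

MASK = 0xFFFFFFFF

def rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK

def quarter_round(a, b, c, d):
    """ChaCha quarter-round: only Add, Rotate, XOR on 32-bit words."""
    a = (a + b) & MASK; d = rotl(d ^ a, 16)
    c = (c + d) & MASK; b = rotl(b ^ c, 12)
    a = (a + b) & MASK; d = rotl(d ^ a, 8)
    c = (c + d) & MASK; b = rotl(b ^ c, 7)
    return a, b, c, d

# Word indices touched by each quarter-round of one double round.
COLUMNS = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15)]
DIAGONALS = [(0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]

def chacha20_block(key: bytes, counter: int, nonce: bytes) -> bytes:
    """One 64-byte keystream block from a 256-bit key and 96-bit nonce."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("need a 32-byte key and a 12-byte nonce")
    init = (list(struct.unpack("<4I", b"expand 32-byte k"))   # constants
            + list(struct.unpack("<8I", key))                 # 256-bit key
            + [counter & MASK]                                # block counter
            + list(struct.unpack("<3I", nonce)))              # 16 words = 512 bits
    s = init[:]
    for _ in range(10):                      # 10 double rounds = 20 rounds
        for i, j, k, l in COLUMNS + DIAGONALS:
            s[i], s[j], s[k], s[l] = quarter_round(s[i], s[j], s[k], s[l])
    # Feed-forward: adding the initial state makes the block function one-way.
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

if __name__ == "__main__":
    key, nonce = bytes(range(32)), bytes(12)   # constructed sample inputs
    print(chacha20_block(key, 1, nonce).hex())
```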

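  40. Stream Ciphers: Current state of key recovery attacks for Salsa20
      [Figure: attack complexities plotted over the number of rounds (axis marks: 0, 5, 6, 7, 8, 20), labelled $2^{8}$ [CM16], $2^{32}$ [CM16], $2^{137}$ [CM16], $2^{244.9}$ [CM16]]
      For ChaCha typically one round less.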

  41. Cryptographic Hash Functions

  42. Hash Functions
      "There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live – did live, from habit that became instinct – in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized."
      [Figure: H maps the long message to the short digest WqNDAdcYgmyO]
