symmetric key encryp on
play

Symmetric Key Encryp.on 9/9/2009 598MAN Applied Cryptography 1 - PowerPoint PPT Presentation

Jul 03, 2023 •208 likes •490 views

Symmetric Key Encryp.on 9/9/2009 598MAN Applied Cryptography 1 Outline Recall: defini.ons of encryp.on Perfect secrecy CPA security CCA security Today Prac.cal construc.ons 9/9/2009 598MAN Applied Cryptography

  1. Symmetric Key Encryp.on 9/9/2009 598MAN ‐ Applied Cryptography 1

  2. Outline • Recall: defini.ons of encryp.on – Perfect secrecy – CPA security – CCA security • Today – Prac.cal construc.ons 9/9/2009 598MAN ‐ Applied Cryptography 2

  3. Perfect Secrecy • One‐.me pads • Prac.cal? – Has been used (exchange tapes / CDs / DVDs of random bits) – Generally, using pad only once big limita.on • OTen, people get sloppy and reuse pads – Further reading: hVp://www1.cs.columbia.edu/ ~smb/blog/2009‐08/2009‐08‐28.html 9/9/2009 598MAN ‐ Applied Cryptography 3

  4. Two‐.me Pads? C 1 = P 1 xor keystream C 2 = P 2 xor keystream C 1 xor C 2 = P 1 xor P 2 • What can you learn from the XOR of two plaintexts? – One plaintext if you know the other – Both plaintexts if you know some sta.s.cal proper.es 9/9/2009 598MAN ‐ Applied Cryptography 4

  5. Stream Ciphers aka PRNGs • Construc.on presented last class: – OWP => Hard core bits => PRG => PRNG • Speed evalua.on – One‐way permuta.on: Rabin func.on over QR’s – 512‐bit modulus: ~10K /s • 512‐bit # factored on single computer in 73 days! – 1024‐bit modulus: ~3K /s • 3Kbps or ~400 bytes / second • Can we do beVer? 9/9/2009 598MAN ‐ Applied Cryptography 5

  6. RC4 • Custom‐designed stream generator – Developed by Ron Rivest @ RSA Labs – Aka ARCFOUR (“Alleged RC4”) • Efficient to implement in soTware • Key size: up to 2048 bits • Speed: – 253355.04 KB/s – ~600 000 .mes faster! 9/9/2009 598MAN ‐ Applied Cryptography 6

  7. RC4 design • Table S – 256 8‐bit values • Ini.aliza.on for i in range(0,256): S[i] = I j = 0 for i in range(0,256): j = j + S[i] + key[i%keylen] swap(S[i],S[j]) 9/9/2009 598MAN ‐ Applied Cryptography 7

  8. RC4 keystream genera.on i = 0 j = 0 while True: i = i+1 j = j+s[i] swap(s[i],s[j]) output(s[(s[i]+s[j]) % 256]) 9/9/2009 598MAN ‐ Applied Cryptography 8

  9. RC4 security • Heuris.c security – People try to break it, see if it survives – Note: same as Rabin’s OWP security! • Weaknesses: – Digram sta.s.cs [Paul,Preneel’04] – Key leakage [Fluhrer,Man.n,Shamir’01] • Used to break WEP – Many others 9/9/2009 598MAN ‐ Applied Cryptography 9

  10. RC4 use • Widely popular – SSL/TLS – SSH – WEP / WPA – BitTorrent – PDF – … • Can be made secure (heuris.cally) – Drop first n bytes (n=512 or 3072) – Use completely random keys 9/9/2009 598MAN ‐ Applied Cryptography 10

  11. RC4 for CPA security • Is RC4 encryp.on CPA‐secure? • No! – Same plaintext encrypts to same ciphertext – Similar to one‐.me PAD • How to fix? – Different key for every use 9/9/2009 598MAN ‐ Applied Cryptography 11

  12. Ini.aliza.on Vectors Ini.aliza.on Vectors • Can be public • Do not have to be Key Key 1 1 Keystream 1 RC4 random xor Plantext 1 • Must never be reused How do you ensure this? 1 Ciphertext 1 Key Key 2 2 Keystream 2 RC4 xor Plantext 2 2 Ciphertext 2 9/9/2009 598MAN ‐ Applied Cryptography 12

  13. Block Ciphers • A liVle like PRF – In prac.ce, inver.ble pseudo‐random permuta.on Plaintext Ciphertext Encrypt Key Key Decrypt Ciphertext Plaintext 9/9/2009 598MAN ‐ Applied Cryptography 13

  14. Examples • Permuta.on cipher – Block size = 1 character (~ 5bits) – Key size = 5 * 26 = 130 bits (actually ~88 bits) – Too easy to break • DES – Designed at IBM – Lucifer: 128‐bit key, 128‐bit block – NSA revision: 56‐bit key, 64‐bit block, improved S‐boxes 9/9/2009 598MAN ‐ Applied Cryptography 14

  15. Block Size • How important is block size? – Permuta.on: same plaintext => same ciphertext • How many encryp.ons before you see two iden.cal plaintext blocks? (random plaintext, 64‐bit blocks) – 2 32 blocks ( n 1/2 , birthday paradox) • How many before you see all blocks – ~ 2 68 blocks (n log n, coupon collector) 9/9/2009 598MAN ‐ Applied Cryptography 15

  16. Key size • How big a key size should you use? – Want to prevent brute‐force search – Note: cipher is “secure” if brute‐force search fastest approach to break it • Many people believed DES key size too small from incep.on – 1999: EFF builds DES cracker, 1.5 days, $250K – 2008: COPACOBANA, $10K, < 1 week 9/9/2009 598MAN ‐ Applied Cryptography 16

  17. Key size selec.on • How much money does your adversary have? – 64‐bit feasible for $10K – ~87‐bit feasible for $10B! • How much .me do you want thing to stay secret? – Moore’s law (corollary): computa.onal unit becomes twice as cheap every ~2 years – 128‐bit feasible in 128 years (for $10K) – Note: key search trivially parallelizable • Further reading – www.keysize.com 9/9/2009 598MAN ‐ Applied Cryptography 17

  18. ATer DES 3DES: Encrypt‐Decrypt‐Encrypt • – C = E k1 (D k2 (E k3 (P))) Why not 2DES? • – C = E k1 (E k2 ((P)) – Meet‐in‐the‐middle aVack E0(P) D0(C) find E1(P) D1(C) matches sort sort … … E 2 56 ‐1 (P) D 2 56 ‐1 (C) 9/9/2009 598MAN ‐ Applied Cryptography 18

  19. AES • Contest held by NIST to design new block cipher • Winner: Rijndael (aka AES) • 128‐bit block • 128‐, 192‐, or 256‐bit key size 9/9/2009 598MAN ‐ Applied Cryptography 19

  20. Encryp.on with AES • Split file into blocks, encrypt each with AES • Is XOR aVack s.ll possible? • Is this CPA‐secure? 9/9/2009 598MAN ‐ Applied Cryptography 20

  21. Use IVs Plaintext1 Plaintext2 IV1 xor IV2 xor Key Encrypt Key Encrypt IV1 Ciphertext1 IV2 Ciphertext2 Ciphertext size expanded by a factor of 2! 9/9/2009 598MAN ‐ Applied Cryptography 21

  22. CBC‐mode Plaintext1 Plaintext2 IV1 xor xor Key Encrypt Key Encrypt IV1 Ciphertext1 Ciphertext2 Re‐use previous ciphertext as IV for next block 9/9/2009 598MAN ‐ Applied Cryptography 22

  23. Other Modes • OFB, CFB, Counter 9/9/2009 598MAN ‐ Applied Cryptography 23

  24. CCA Security • Is CBC CCA‐secure? 9/9/2009 598MAN ‐ Applied Cryptography 24

  25. PCBC • Propaga.ng CBC mode 9/9/2009 598MAN ‐ Applied Cryptography 25

  26. Message Authen.ca.on Codes • IDEA: make it impossible for aVacker to generate a valid message • I.e., authen.cate message Plaintext Encrypt MAC Key Checksum Ciphertext 9/9/2009 598MAN ‐ Applied Cryptography 26

  27. MACs • How long should a MAC be? • CBC‐MAC: – CBC‐encrypt plaintext with 0 IV – Use last encrypted block as MAC • Only secure for fixed‐length messages (why?) – Can be extended for longer messages 9/9/2009 598MAN ‐ Applied Cryptography 27

  28. Summary • Prac.cal construc.ons for: – Perfect secrecy: one‐.me pad – CPA security: stream ciphers, block ciphers – CCA security: CPA + MAC • Take‐away: – Use AES‐CTR + CBC‐MAC (or HMAC) – If not, beVer have a good reason! 9/9/2009 598MAN ‐ Applied Cryptography 28

Recommend

Exploi'ng Leakage in Searchable Encryp'on and Machine

Exploi'ng Leakage in Searchable Encryp'on and Machine

Exploi'ng Leakage in Searchable Encryp'on and Machine Learning Tom Ristenpart Covering joint work with : David Cash, Paul Grubbs, Jason Perry

875 views • 56 slides
New Encryp+on Primi+ves for Uncertain Times Thomas Ristenpart

New Encryp+on Primi+ves for Uncertain Times Thomas Ristenpart

New Encryp+on Primi+ves for Uncertain Times Thomas Ristenpart University of Wisconsin Covering joint work with: Sco@ Coull, Kevin Dyer, Ari Juels,

751 views • 54 slides
Modifying an Enciphering Scheme a3er Deployment Paul Grubbs, Thomas Ristenpart, Yuval Yarom

Modifying an Enciphering Scheme a3er Deployment Paul Grubbs, Thomas Ristenpart, Yuval Yarom

Modifying an Enciphering Scheme a3er Deployment Paul Grubbs, Thomas Ristenpart, Yuval Yarom Format-Preserving Encryp&lt;on (FPE) Encryp&lt;on service Client E(CCN) CCN E(CCN) E(CCN) E(CCN) Format-Preserving Encryp&lt;on (FPE)

246 views • 24 slides
Using Fully y Homomorphic Encryp yption for St Statistical Analysi sis s of Categori rical,

Using Fully y Homomorphic Encryp yption for St Statistical Analysi sis s of Categori rical,

Using Fully y Homomorphic Encryp yption for St Statistical Analysi sis s of Categori rical, , Or Ordinal and and Num Numeric ical al Data Wen-jie Lu 1 , Shohei Kawasaki 1 , Jun Sakuma 1,2,3 1. University of Tsukuba, Japan 2. JST

540 views • 30 slides
Enc Encryp ypted Sear ed Search h Seny Kamara Brown University 2 3 4 Q: Why is this

Enc Encryp ypted Sear ed Search h Seny Kamara Brown University 2 3 4 Q: Why is this

Enc Encryp ypted Sear ed Search h Seny Kamara Brown University 2 3 4 Q: Why is this happening? 5 Big Data Industry and Governments want more data NaDonal security Machine learning Business analyDcs NLP

431 views • 30 slides
Cr Cryp yptography: His History an and Sim imple le Enc Encryp yption Me Methods an and

Cr Cryp yptography: His History an and Sim imple le Enc Encryp yption Me Methods an and

Cr Cryp yptography: His History an and Sim imple le Enc Encryp yption Me Methods an and Pr Preliminaries 1 Cryp Cr yptography The word cryptography comes from the Greek words (hidden or secret) and

670 views • 37 slides
End End-to-end File Encr Encryp yption i in n the the Web Br eb Browser er A Ca Case

End End-to-end File Encr Encryp yption i in n the the Web Br eb Browser er A Ca Case

End End-to-end File Encr Encryp yption i in n the the Web Br eb Browser er A Ca Case e Study dy Thomas Konrad, SBA Research Vue.js Meetup Vienna, Feb 11, 2020 SBA Research gGmbH, 2020 Classification: Public 1 ~ $ whoami Thomas

770 views • 50 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
0 4 1 3 2 No deterministic symmetric dining solution [RL81] Probabilistic symmetric

0 4 1 3 2 No deterministic symmetric dining solution [RL81] Probabilistic symmetric

Once up on a time ... [Dij71] 0 4 1 3 2 No deterministic symmetric dining solution [RL81] Probabilistic symmetric solution T raditional non-symmetric: Left-Righ t solution Generalized dining philosophers [Lyn81] . . .

625 views • 20 slides
6. The Symmetric Eigenvalue Problem A must for engineers . . . 6. The Symmetric Eigenvalue

6. The Symmetric Eigenvalue Problem A must for engineers . . . 6. The Symmetric Eigenvalue

Motivation Condition Vector Iteration QR Iteration Reduction Algorithms 6. The Symmetric Eigenvalue Problem A must for engineers . . . 6. The Symmetric Eigenvalue Problem Numerical Programming I (for CSE), Hans-Joachim Bungartz page 1

430 views • 28 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Inequalities for Symmetric Polynomials Curtis Greene October 24, 2009 Inequalities for Symmetric

Inequalities for Symmetric Polynomials Curtis Greene October 24, 2009 Inequalities for Symmetric

Inequalities for Symmetric Polynomials Inequalities for Symmetric Polynomials Curtis Greene October 24, 2009 Inequalities for Symmetric Polynomials Co-authors This talk is based on Inequalities for Symmetric Means, with Allison

951 views • 50 slides
Ac,ve a4acks on CPA-secure encryp,on Dan Boneh Recap:

Ac,ve a4acks on CPA-secure encryp,on Dan Boneh Recap:

Online Cryptography Course

1.02k views • 62 slides
The Strong Symmetric Genus of Almost All D -type Generalized Symmetric Groups Michael A. Jackson

The Strong Symmetric Genus of Almost All D -type Generalized Symmetric Groups Michael A. Jackson

Introduction Generalized Symmetric and D -type groups Process Results The Strong Symmetric Genus of Almost All D -type Generalized Symmetric Groups Michael A. Jackson Department of Mathematics - Grove City College majackson@gcc.edu Groups St.

726 views • 48 slides
Symmetric Circuits with Non-Symmetric Gates Anuj Dawar Department of Computer Science and

Symmetric Circuits with Non-Symmetric Gates Anuj Dawar Department of Computer Science and

Symmetric Circuits with Non-Symmetric Gates Anuj Dawar Department of Computer Science and Technology, University of Cambridge based on joint work with Gregory Wilsenach HellaFest, Murikanranta, 5 July 2018 Lauri Hella and Generalized

387 views • 22 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
Symmetric Cauchy stresses do not imply symmetric Biot strains in weak formulations of isotropic

Symmetric Cauchy stresses do not imply symmetric Biot strains in weak formulations of isotropic

Symmetric Cauchy stresses do not imply symmetric Biot strains in weak formulations of isotropic hyperelasticity with rotational degrees of freedom. Andreas Fischle , Patrizio Neff and Ingo Mnch Universitt Duisburg-Essen ,

515 views • 38 slides
An Introduction to Symmetric Functions Ira M. Gessel Department of Mathematics Brandeis

An Introduction to Symmetric Functions Ira M. Gessel Department of Mathematics Brandeis

An Introduction to Symmetric Functions Ira M. Gessel Department of Mathematics Brandeis University Brandeis Combinatorics Seminar November 1, 2016 What are symmetric functions? Symmetric functions are not functions. What are symmetric

778 views • 75 slides
Symmetric Gro up pe rmutatio ns o f 3 o bje c ts Gro up elements c an be written in this

Symmetric Gro up pe rmutatio ns o f 3 o bje c ts Gro up elements c an be written in this

Symmetric Gro up pe rmutatio ns o f 3 o bje c ts Gro up elements c an be written in this fo rmat: Symmetric Gro up No te Symmetric group Product operation Is the group elements {e,a,b,ab,b,b^2} isomorphic to the above

347 views • 23 slides
Symmetric Gro up pe rmutatio ns o f 3 o bje c ts Gro up elements c an be written in this

Symmetric Gro up pe rmutatio ns o f 3 o bje c ts Gro up elements c an be written in this

Symmetric Gro up pe rmutatio ns o f 3 o bje c ts Gro up elements c an be written in this fo rmat: Symmetric Gro up No te Symmetric group Product operation Is the group elements {e,a,b,ab,b,b 2 } isomorphic to the above

497 views • 32 slides
DISE: DISTRIBUTED SYMMETRIC-KEY ENCRYTION Shashank Agrawal Payman Mohassel Pratyay Mukherjee

DISE: DISTRIBUTED SYMMETRIC-KEY ENCRYTION Shashank Agrawal Payman Mohassel Pratyay Mukherjee

DISE: DISTRIBUTED SYMMETRIC-KEY ENCRYTION Shashank Agrawal Payman Mohassel Pratyay Mukherjee Peter Rindal Threshold Cryto Has focused on public-key crypto Symmetric-key encryption got less attention Symmetric keys dont stay

338 views • 31 slides
Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science

Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science

Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Definition of Symmetric Types of Symmetric Key ciphers

452 views • 23 slides
Coxeter groups and Artin groups Day 2: Symmetric Spaces and Simple Groups Jon McCammond (U.C.

Coxeter groups and Artin groups Day 2: Symmetric Spaces and Simple Groups Jon McCammond (U.C.

Coxeter groups and Artin groups Day 2: Symmetric Spaces and Simple Groups Jon McCammond (U.C. Santa Barbara) 1 Symmetric Spaces Def: A Riemannian manifold is called a symmetric space if at each point p there exists an isometry fixing p and

295 views • 25 slides
Symmetric Designs Lucia Moura School of Electrical Engineering and Computer Science University

Symmetric Designs Lucia Moura School of Electrical Engineering and Computer Science University

Symmetric designs Projective Planes and Geometries Symmetric Designs Lucia Moura School of Electrical Engineering and Computer Science University of Ottawa lucia@eecs.uottawa.ca Winter 2017 Symmetric Designs Lucia Moura Symmetric designs

574 views • 20 slides

More recommend