Lucifer

1
Symmetric EncryptionFunctions

• Lucifer
• DES
• 3DES
• RC2
• RC4
• Blowfish
• AES
• ...

2
Symmetric Functions The Big Idea

• M f(M,key)
• M f(M,key)
• Note
• Same key encrypts and decrypts
• ff or f?f (some algorithms have a decrypt
  mode, some dont need it).

3
Symmetric Algorithms History

• Pencil-and-paper Ciphers, Codebooks, and
  encryption machines were all symmetric.
• Clearly, if you knew how to encrypt a message,
  you knew how to decrypt it, right?

4
German Enigma Machine

• Set code of the day on dials.
• Later models Set additional code with plugs and
  wires.
• Press a button with the letter to encrypt the
  encrypted letter lights up.
• Each key press advances the dials

5
Inside the Enigma

• http//www.math.miami.edu/harald/enigma/enigma.gi
  f

6
Cryptography after WW2

• Academia largely disinterested
• NSA Largest Employer of mathematicians in the
  world.

7
Cryptography and IBM

• IBM hired by Lloyds of London to arrange security
  for a cash dispensing network (early ATM
  machines.)
• IBM develops Lucifer cipher
• Symmetric Algorithm
• explicit encrypt/decrypt
• 112 bit key
• Substitution and transposition within
  8-character blocks

8
Cryptography and NBS

• National Bureau of Standards request proposals
  for a Data Encryption Standard.
• IBM submits Lucifer to NBS
• NBS submits Lucifer to NSA
• NSA returns Lucifer with tweaks to substitution
  boxes and 56-bit key

9
Can you trust DES?

• NSA said they made it better.
• Better for who?
• 56 bit key (was 112)
• new sboxes (what was wrong with old ones?)

10
You could trust DES.

• Lucifer was susceptible to differential
  cryptanalysis.
• NSA couldnt tell anybody!
• Technique was secret until independently
  discovered by Adi Shamir
• sbox changes differential cryptanalysis useless
  against DES
• IBM published a paper on this in the 90s.

11
DES A Fiestel Cipher
H. Feistel, "Cryptography and Computer Privacy,"
Scientific American, v. 228, n. 5, May 73, pp.
15-23.
12
DES cracking

• In the 1980s, it was hypothesized that someone
  could build a DES-cracking machine for 1M
• In the 1990s, John Gilmore and EFF built one
  for 250K. Deep Crack. Time to crack a key
  4-7 days. http//www.eff.org/descracker
• Nevertheless, DES is still widely used.

Why?
13
Is weak crypto better than no crypto?
weak crypto no crypto
stops casual disclosure doesnt give people a false sense of security
gets people used to use crypto gives people incentive to move to strong crypto
Most people dont need crypto anyway so why use it?
14
Strengthening DES

• Triple DES (3DES)
• Encrypt, Decrypt, Encrypt
• M f(f(f(M,K1),K2),K3)
• Set Key1Key2 for DES compatibility
• 3 keys 168 bits

15
RC2, RC4

• Rons Code 2 4
• Secret, proprietary algorithms from RSA Security

16
RC2

• Block cipher. Keysize 40-2048 bites
• Revealed in 1996 in anonymous Usenet posting
• Probably leaked by reverse engineering Lotus
  Notes
• Widely used because of 40-bit compromise
  between Software Publishers Association and
  Commerce Department.

17
RC4

• Very fast stream cipher - generates a
  pseudorandom stream used for XORing.
• Keysize 40-2048 bites
• Revealed in 1994 in anonymous Usenet posting
• Probably leaked by an engineer at Apple
• Also part of the 40-bit compromise.

18
RC5

• Invented by ... Ron Rivest
• Variable Key Size Variable of rounds
• Largely academic curiosity

19
RC2 RC4
RC2 RC4 RC5
keysize 40-2028 40-2028 40-2028
type block cipher stream cipher block cipher
Where Used SSL S/MIME SSL n/a
Protection Trademark Trade Secret Trademark Trademark
Speed fast Extremely fast immaterial
20
AES

• Advanced Encryption Standard
• Multi-year open competition
• Requirements
• Block cipher.
• Variable-length keys and blocks (128, 192, 256,
  etc.)
• Good in hardware or software.

21
AES Finalists

• Twofish - Bruce Schneier
• RC5 - Ron Rivest
• MARS
• Rijndael - Vincent Rijmen and Joan Daemen

22
Interesting things to note about AES

• US picked a foreign-designed cipher as its
  standard.
• Not a Fiestel cipher. New Math
• AES is faster than DES, even with longer keys!

23
Other Block Ciphers

• CAST-128 (RFC-2144), 64-bit block, 16-round,
  128-bit key
• Blowfish (Schneider, 64-bit block, 40-448 bit key)

24
Openness in Design

• Finally, I should note that publishing the
  design of a cipher inherently weakens it by
  providing an attacker with details of its
  operation. The most secure approach would be to
  design a cipher from scratch and keep both the
  algorithm and the keys secret. While designing a
  cryptosystem is fairly easy, evaluating it for
  loopholes is not. Governments and other very
  large institutions may have the resources to
  design and evaluate their own cryptosystem, but
  the rest of us are probably well advised to use
  published ciphers that have been publicly
  evaluated for weaknesses.

http//www.freesoft.org/CIE/Topics/145.htm
25
Modes of Operation

• Defines how a block cipher is used on data longer
  than a block.
• A strong cipher can be made less secure (not
  secure) with a bad mode of operation

26
Most Important Modes

• ECB - Electronic Code Book
• CBC - Cipher Block Chaining
• CFB - Cipher Feed Back (XOR generator)
• Counter Mode

27
Electronic Code Book
http//www.freesoft.org/CIE/Topics/143.htm
28
ECB Demo
ECB
CBC
original
http//en.wikipedia.org/wiki/Block_cipher_modes_of
_operation
29
Other problems with ECB

• Replay attacks
• Mauling

1 0011001 9 0011101
30
Cipher Block Chaining
31
Cipher Feedback Mode
http//members.chello.at/s.peer/
32
Counter Mode
http//en.wikipedia.org/wiki/Block_cipher_modes_of
_operation
33
Privacy vs. Integrity

• Need for the two to be distinguished was not
  evident back in the 1970s.
• In some cases, the ability to change encrypted
  data may be sufficient.

34
APIs!
35
RC4 Easiest there Is
void RC4_set_key(RC4_KEY key, int len,
const unsigned char
data) void RC4(RC4_KEY key, unsigned long
len, const unsigned char
indata, unsigned char outdata)
Note Decrypt and Encrypt are the same operation!
36
RC4 in Perl
Functional Style use
CryptRC4 encrypted RC4(
passphrase, plaintext ) decrypt
RC4( passphrase, encrypted ) OO
Style use CryptRC4 ref
CryptRC4-gtnew( passphrase )
encrypted ref-gtRC4( plaintext )
ref2 CryptRC4-gtnew( passphrase )
decrypted ref2-gtRC4( encrypted )
process an entire file, ref3
CryptRC4-gtnew( passphrase ) while
(ltFILEgt) print ref3-gtRC4(_)

37
RC2 Block Encryption is Harder!
void RC2_set_key(RC2_KEY key, int len,
const unsigned char data,int
bits) void RC2_ecb_encrypt(const unsigned char
in,
unsigned char out,
RC2_KEY key, int enc) void
RC2_encrypt(unsigned long data,RC2_KEY
key) void RC2_decrypt(unsigned long
data,RC2_KEY key) void RC2_cbc_encrypt(const
unsigned char in, unsigned char out,
long length, RC2_KEY ks, unsigned char
iv, int enc)
38
EVP OpenSSL Generic Cipher Algorithms
int EVP_EncryptInit(EVP_CIPHER_CTX ctx,
const EVP_CIPHER type, unsigned
char key, unsigned char iv) int
EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned
char out, int outl, unsigned
char in, int inl) int
EVP_EncryptFinal(EVP_CIPHER_CTX ctx, unsigned
char out, int outl)
int EVP_DecryptInit(EVP_CIPHER_CTX ctx, const
EVP_CIPHER type, unsigned char
key, unsigned char iv) int
EVP_DecryptUpdate(EVP_CIPHER_CTX ctx, unsigned
char out, int outl, unsigned
char in, int inl) int
EVP_DecryptFinal(EVP_CIPHER_CTX ctx, unsigned
char outm, int outl)
int EVP_CipherInit(EVP_CIPHER_CTX ctx, const
EVP_CIPHER type, unsigned char
key, unsigned char iv, int enc) int
EVP_CipherUpdate(EVP_CIPHER_CTX ctx, unsigned
char out, int outl, unsigned
char in, int inl) int
EVP_CipherFinal(EVP_CIPHER_CTX ctx, unsigned
char outm, int outl)
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX
x, int keylen) int EVP_CIPHER_CTX_ctrl(E
VP_CIPHER_CTX ctx, int type, int arg, void
ptr) int EVP_CIPHER_CTX_cleanup(EVP_CIPH
ER_CTX a)
39
Perl Modules for Symmetric Encryption

• CryptBlowfish
• CryptCAST5
• CryptDES
• CryptRC4
• CryptRC5
• CryptRC6
• CryptTripleDES
• CryptTwofish