Applied Cryptography (Symmetric)

1
Applied Cryptography(Symmetric)

• Part I

2

• Many savages at the present day regard their
  names as vital parts of themselves, and therefore
  take great pains to conceal their real names,
  lest these should give to evil-disposed persons a
  handle by which to injure their owners.
• The Golden Bough, Sir James George Frazer

3
Symmetric Encryption

• or conventional / private-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are
  private-key
• was only type prior to invention of public-key in
  1970s
• and by far most widely used

4
Some Basic Terminology

• plaintext - original message
• ciphertext - coded message
• cipher - algorithm for transforming plaintext to
  ciphertext
• key - info used in cipher known only to
  sender/receiver
• encipher (encrypt) - converting plaintext to
  ciphertext
• decipher (decrypt) - recovering ciphertext from
  plaintext
• cryptography - study of encryption
  principles/methods
• cryptanalysis (codebreaking) - study of
  principles/ methods of deciphering ciphertext
  without knowing key
• cryptology - field of both cryptography and
  cryptanalysis

5
Symmetric Cipher Model
6
Requirements

• two requirements for secure use of symmetric
  encryption
• a strong encryption algorithm
• a secret key known only to sender / receiver
• mathematically have
• Y EK(X)
• X DK(Y)
• assume encryption algorithm is known
• implies a secure channel to distribute key

7
Cryptography

• Classify cryptographic system by
• type of encryption operations used
• substitution / transposition / product
• number of keys used
• single-key or private / two-key or public
• way in which plaintext is processed
• block / stream

8
Cryptanalysis

• objective to recover key not just message
• general approaches
• cryptanalytic attack
• brute-force attack

9
More Definitions

• unconditional security
• no matter how much computer power or time is
  available, the cipher cannot be broken since the
  ciphertext provides insufficient information to
  uniquely determine the corresponding plaintext
• computational security
• given limited computing resources (eg time needed
  for calculations is greater than age of
  universe), the cipher cannot be broken

10
Brute Force Search

• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext

Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 106 decryptions/µs
32 232 4.3 ? 109 231 µs 35.8 minutes 2.15 milliseconds
56 256 7.2 ? 1016 255 µs 1142 years 10.01 hours
128 2128 3.4 ? 1038 2127 µs 5.4 ? 1024 years 5.4 ? 1018 years
168 2168 3.7 ? 1050 2167 µs 5.9 ? 1036 years 5.9 ? 1030 years
26 characters (permutation) 26! 4 ? 1026 2 ? 1026 µs 6.4 ? 1012 years 6.4 ? 106 years
11
Modern Block Ciphers

• now look at modern block ciphers
• one of the most widely used types of
  cryptographic algorithms
• provide secrecy /authentication services
• focus on DES (Data Encryption Standard)
• to illustrate block cipher design principles

12
Block vs Stream Ciphers

• block ciphers process messages in blocks, each of
  which is then en/decrypted
• like a substitution on very big characters
• 64-bits or more
• stream ciphers process messages a bit or byte at
  a time when en/decrypting
• many current ciphers are block ciphers
• broader range of applications

13
Block Cipher Principles

• most symmetric block ciphers are based on a
  Feistel Cipher Structure
• block ciphers look like an extremely large
  substitution
• would need table of 264 entries for a 64-bit
  block
• instead create from smaller building blocks
• using idea of a product cipher

14
Ideal Block Cipher
15
Claude Shannon and Substitution-Permutation
Ciphers

• Claude Shannon introduced idea of
  substitution-permutation (S-P) networks in 1949
  paper
• form basis of modern block ciphers
• S-P nets are based on the two primitive
  cryptographic operations seen before
• substitution (S-box)
• permutation (P-box)
• provide confusion diffusion of message key

16
Confusion and Diffusion

• cipher needs to completely obscure statistical
  properties of original message
• a one-time pad does this
• more practically Shannon suggested combining S
  P elements to obtain
• diffusion dissipates statistical structure of
  plaintext over bulk of ciphertext
• confusion makes relationship between ciphertext
  and key as complex as possible

17
Feistel Cipher Structure

• Horst Feistel devised the feistel cipher
• based on concept of invertible product cipher
• partitions input block into two halves
• process through multiple rounds which
• perform a substitution on left data half
• based on round function of right half subkey
• then have permutation swapping halves
• implements Shannons S-P net concept

18
Feistel Cipher Structure
19
Feistel Cipher Design Elements

• block size
• key size
• number of rounds
• subkey generation algorithm
• round function
• fast software en/decryption
• ease of analysis

20
Feistel Cipher Decryption
21
Data Encryption Standard (DES)

• most widely used block cipher in world
• adopted in 1977 by NIST
• as FIPS PUB 46
• encrypts 64-bit data using 56-bit key
• has widespread use
• has been considerable controversy over its
  security

22
DES Encryption Overview
23
DES Round Structure

• uses two 32-bit L R halves
• as for any Feistel cipher can describe as
• Li Ri1
• Ri Li1 ? F(Ri1, Ki)
• Function F takes 32-bit R half and 48-bit subkey
• expands R to 48-bits using permutation E
• adds to subkey using XOR
• passes through 8 S-boxes to get 32-bit result
• finally permutes using 32-bit perm P

24
DES Round Structure
25
Substitution Boxes S

• have eight S-boxes which map 6 to 4 bits
• each S-box is actually 4 little 4 bit boxes
• outer bits 1 6 (row bits) select one row of 4
• inner bits 2-5 (col bits) are substituted
• result is 8 groups of 4 bits, or 32 bits
• row selection depends on both data key
• feature known as autoclaving (autokeying)
• example
• S(18 09 12 3d 11 17 38 39) 5fd25e03

s1
26
DES Key Schedule

• forms subkeys used in each round
• initial permutation of the key (PC1) which
  selects 56-bits in two 28-bit halves
• 16 stages consisting of
• rotating each half separately either 1 or 2
  places depending on the key rotation schedule K
• selecting 24-bits from each half permuting them
  by PC2 for use in round function F
• note practical use issues in h/w vs s/w

27
Avalanche Effect

• key desirable property of encryption algorithms
• where a change of one input or key bit results in
  changing approx half output bits
• making attempts to home-in by guessing keys
  impossible
• DES exhibits strong avalanche

28
Stream Ciphers

• process message bit by bit (as a stream)
• have a pseudo random keystream
• combined (XOR) with plaintext bit by bit
• randomness of stream key completely destroys
  statistically properties in message
• Ci Mi XOR StreamKeyi
• but must never reuse stream key
• otherwise can recover messages (cf book cipher)

29
Stream Cipher Structure
30
Stream Cipher Properties

• some design considerations are
• long period with no repetitions
• statistically random
• depends on large enough key
• large linear complexity
• properly designed, can be as secure as a block
  cipher with same size key
• but usually simpler faster

31
RC4

• a proprietary cipher owned by RSA DSI
• another Ron Rivest design, simple but effective
• variable key size, byte-oriented stream cipher
• widely used (web SSL/TLS, wireless WEP)
• key forms random permutation of all 8-bit values
• uses that permutation to scramble input info
  processed a byte at a time

32
RC4 Encryption

• encryption continues shuffling array values
• sum of shuffled pair selects "stream key" value
  from permutation
• XOR St with next byte of message to en/decrypt
• i j 0
• for each message byte Mi
• i (i 1) (mod 256)
• j (j Si) (mod 256)
• swap(Si, Sj)
• t (Si Sj) (mod 256)
• Ci Mi XOR St

33
RC4 Overview
34
RC4 Security

• claimed secure against known attacks
• have some analyses, none practical
• result is very non-linear
• since RC4 is a stream cipher, must never reuse a
  key
• have a concern with WEP, but due to key handling
  rather than RC4 itself