Chapter 3: Secret Key Cryptography - PowerPoint PPT Presentation

1 / 41
About This Presentation
Title:

Chapter 3: Secret Key Cryptography

Description:

Data Encryption Standard (DES) Key length: 56 + 8 parity bits = 64 bits 8 bits are used for parity check, why is that? Possible reason: ... – PowerPoint PPT presentation

Number of Views:80
Avg rating:3.0/5.0
Slides: 42
Provided by: muk1
Learn more at: https://www.cs.odu.edu
Category:

less

Transcript and Presenter's Notes

Title: Chapter 3: Secret Key Cryptography


1
Chapter 3 Secret Key Cryptography
  • CS 472 Fall 2012

2
General Block Encryption
  • The general way of encrypting a 64-bit block is
    to take each of the 264 input values and map it
    to a unique one of the 264 output values. This
    would take (264 )(64) 270  bits. NOT
    practical.
  • Secret key cryptographic systems take a
    reasonable length key (e.g., 64 bits) and
    generate a one-to-one mapping that appears, to
    someone who does not know the key, as completely
    random. I.e., any single bit change in the input
    results in a totally independent random number
    output.

3
Types of transformation for k-bit blocks
  • Substitution Specify for each of the 2k possible
    values of the input, the k-bit output. This takes
    k.2k bits. This is reasonable for k8.
  • Permutation Specify for each of the k input
    bits, the output position to which it goes. This
    takes klog2 k bits.
  • Figure 3-1 shows a secret key algorithm based on
    rounds of substitution and permutation. If we do
    only a single  round, then a bit of input can
    only affect 8 bits of output. There is an optimal
    number of rounds to achieve complete
    randomization. The algorithm take the same effort
    to reverse (decrypt).

4
(No Transcript)
5
Data Encryption Standard (DES)
  • Key length 56 8 parity bits 64 bits
  • 8 bits are used for parity check, why is that?
    Possible reason to make it 256 times less secure
    against exhaustive search! read p. 63 in the
    textbook.
  • How secure is DES? In 1998, 150K machine can
    break the key in 5 days! For added security,
    triple DES is 256 more secure.

6
(No Transcript)
7
(No Transcript)
8
(No Transcript)
9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
(No Transcript)
14
Why decryption works?
  • o        The output of the mangler Function  (M)
    is the same for both encryption and decryption.
  • o        In encryption M Ln Rn1
  • o        In decryption M Rn1 M ( M Ln )
    Ln

15
The Mangler Function  (Figure 3-7)
  • Expands R from 32 bits to 48 bits as shown in Fig
    3-7
  • It breaks R into eight 4-bit chunks and expand
    each to 6-bit by concatenating the adjacent  2
    bits. Let CRi refer to chunk i of expanded R. The
    48-bit K is broken to eight 6-bit chunks. 
  • Let CKi refer to chunk i of  K. Let Si  CRi
    Cki Si is fed into an S-box, a substitution
    which produces a 4-bit output for each possible
    6-bit input as shown in Figure 3-8
  • The 8 S-boxes specified  in Figures 3-9 to 3-16.
  • The 4-bit output of each of the eight S-boxes is
    permuted as shown in Figure 3-17 (it has security
    value to ensure that the output of an S-box in
    one round affects the input of multiple S-boxes
    on the next round)

16
Mangler Function in DES
17
Mangler Function
  • 48-bit Key and the expanded 48-bit R are broken
    into 8 chunks of 6-bits each.

18
(No Transcript)
19


20
International Data Encryption Algorithm (IDEA)
  • Encrypts 64-bit blocks using 128-bit key. It is
    similar to DES since it
  • operates in rounds
  • the mangler function runs in the same direction
    for both encryption and decryption
  • It differs from DES since
  • Designed to be efficient in software (as opposed
    to DESs hardware orientation)
  • The encryption and decryption keys are different
    but related in a complex manner.

21
(No Transcript)
22
IDEA primitive operations
  •    exclusive OR   addition mod 216 and x 
    multiplication mod 2161
  • These operations are reversible
  • a K A        A K    a           since  
    (a K) K   a a K A         A (-K)
    a         since   (a K) (-K) a a x K
    A         A x (K-1) a        since (a x K) x
    (K-1) a K-1 is the multiplicative inverse of K
    such that K K-1 1 mod (2161)
  • Example Consider 24 instead of 216. K 1101
    -K0000-11010011, a1001, K-1 0100 (Since
    41352 1317 (17 241) Euclids algorithm
    sec 7.4)
  • a K0100 (a K) K1001
  • aK 0110 (aK)(-K)1001
  • axK 913 mod 1715 (axK)xK-1mod 17 60 mod 17
    9 a

23
Key Expansion (Encryption)
  • The 128-bit key is expanded into 52  16-bit keys
    K1, K2 , ....K52. Step 1 Keys K1.K8 are
    generated by taking 8 chunks of 16-bits each
  • Step 2 Keys K9K16 are generated by starting
    from the 25th bit, wrapping around the first 25
    bits at the end, and taking 16-bit chunks.
  • Step 3 Wrap around 25 more bits to the end, and
    generate keys K17K24.
  • This process is repeated until all keys K1K52
    are generated

24
  • X is the modified multiply operation, and is a
    modified add.
  • To get the original values back, the inverse of
    Ka is used for X and Xb (mod 216) for . (16-bit
    keys 64-bit data broken up into 4 16-bit blocks
    Xa, Xb, Xc, Xd)

25
Decryption
  • Same code can perform either encryption or
    decryption given different expanded keys.
  • The the inverses of the encryption keys and use
    them in the opposite order (use the inverse of
    the last-used encryption key as the first used
    used when doing encryption).
  • Since the last encryption round (an odd-round)
    used keys K49,K50,K51,K52,
  • The first decryption round uses the inverses of
    the keys K49-K52.

26
Even Round (Figure 3-22)
27
Advanced  Encryption Standard (AES)
  • Developed with the help of NIST as an efficient,
    flexible, secure and unencumbered (free to
    implement) standard  for protecting sensitive non
    classified, U.S. government information.
  • NIST selected an algorithm called Rijndael (named
    after two Belgium cryptographers Rijmen
    Daemen).
  • It uses a variety of block and key sizes (mainly
    128, 192 and 256) and the standards are named
    AES-128, AES-192, AES-256! (block sizes are
    fixed in all to 128 bits).
  • It is similar to DES and IDEA in that there are
    rounds and key expansion.

28
Basic Structure (Figure 3-23)
29
AES Parameters
  • Nb is the number of 32-bit words in an
    encryption  block. E.g., for AES-128 Nb 4.
  • Nk is the number of 32-bit words in an
    encryption key. E.g., for AES-128 Nk 4.
  • Nr is the number of rounds. It should be large
    enough to allow sufficient mixing so that each
    bit of a plain text block or a key has a complex
    effect on each bit of the resulting cipher text.
  • Nr 6 Max (Nb, Nk), E.g., for AES-128 Nr
    10.

30
Primitive Operations
  • XOR
  • Octet-Substitution (S-box) (see Figure 3-24)
  • A rearrangement of octets (rotating rows and
    columns).
  • An operation called MixColumn  Replace a column
    with another. Each octet of the input column is
    used as index to retrieve a column from a table
    (see Figure 3-26). each retrieved column is
    rotated and the four rotated columns are 'd
    together to produce the output column (see Figure
    3-25) nibble 4 bits

31
(No Transcript)
32
(No Transcript)
33
(No Transcript)
34
Inverse Cipher
  •     is its own inverse
  •     The inverse of S-box is given by a different
    table (Fig 3-27)
  •    The inverse of rotating is another rotation
    in the opposite direction.
  •    The inverse of MixColumn is called
    InvMixCoumn is just like MixColumn using a
    different table (Fig 3-28).

35
Key Expansion
  • Arrange the key as Nk columns and iteratively
    generate the next Nk columns (see Figure 3-29
    and 3-30). The Ci  are constants  defined  in
    Figure 3-31.

36
(No Transcript)
37
(No Transcript)
38
Rounds
  • Each round is an identical sequence of 3
    operations 1. Each octet of the state has the
    S-box applied. 2. For AES-128     Row  i of
    the state  is rotated  left i columns (i0, 1, 2,
    3). 3. Each column of the state has MixColumn
    applied to it     (The last round omits this
    operation).

39
Inverse Rounds
  • Since each operation is invertible, decryption
    can be done by performing the inverse of each
    operation in the opposite order and using the
    round keys in the reverse order.

40
RC4
  • Ron Rivest (of the famous RCA) is the inventor
  • A long random string is  called a one-time pad.
    A stream cipher generates a one-time pad and
    applies it to a stream of plain text with . RC4
    is a stream cipher designed by Ron Rivest. Page
    93 gives a C code for RC4 one-time pad generator.

41
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com