1 / 41

Chapter 3: Secret Key Cryptography

Chapter 3: Secret Key Cryptography. CS 772/872: Fall 2005. General Block Encryption.

domani
Download Presentation

Chapter 3: Secret Key Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 3: Secret Key Cryptography CS 772/872: Fall 2005

  2. General Block Encryption • The general way of encrypting a 64-bit block is to take each of the:264 input values and map it to a unique one of the 264 output values.This would take (264 )*(64) = 270  bits. NOT practical. • Secret key cryptographic systems take a reasonable length key (e.g., 64 bits) and generate a one-to-one mapping that appears, to someone who does not know the key, as completely random.I.e., any single bit change in the input results in a totally independent random number output.

  3. Types of transformation for k-bit blocks • Substitution:Specify for each of the 2k possible values of the input, the k-bit output.This takes k.2k bits. This is reasonable for k=8. • Permutation:Specify for each of the k input bits, the output position to which it goes.This takes k*log2 k bits. • Figure 3-1 shows a secret key algorithm based on rounds of substitution and permutation. If we do only a single  round, then a bit of input can only affect 8 bits of output. There is an optimal number of rounds to achieve complete randomization.The algorithm take the same effort to reverse (decrypt).

  4. Data Encryption Standard (DES) • Key length: 56 + 8 parity bits = 64 bits • 8 bits are used for parity check,why is that? Possible reason: to make it 256 times less secure against exhaustive search!read p. 63 in the textbook. • How secure is DES?In 1998, $150K machine can break the key in 5 days!For added security, triple DES is 256more secure.

  5. Why decryption works? • oThe output of the Mangler Function  (M) is the same for both encryption and decryption. • oIn encryption: M ® Ln = Rn+1 • oIn decryption: M ® Rn+1 = M ® ( M ® Ln ) = Ln

  6. The Mangler Function:  (Figure 3-7) • Expands R from 32 bit to 48 bits as shown in Fig 3-7: • It breaks R into eight 4-bit chunks and expand each to 6-bit by concatenating the adjacent  2 bits. Let CRi refer to chunk i of expanded R. The 48-bit K is broken to eight 6-bit chunks.  • Let CKi refer to chunk i of  K. Let Si  = CRi ® Cki; Si is fed into an S-box, a substitution which produces a 4-bit output for each possible 6-bit input as shown in Figure 3-8 • The 8 S-boxes specified  in Figures 3-9 to 3-16. • The 4-bit output of each of the eight S-boxes is permuted as shown in Figure 3-17 (it has security value to ensure that the output of an S-box in one round affects the input of multiple S-boxes on the next round):

  7. Mangler Function in DES

  8. Mangler Function • 48-bit Key and the expanded 48-bit R are broken into 8 chunks of 6-bits each.

  9. International Data Encryption Algorithm (IDEA) • Encrypts 64-bit blocks using 128-bit key.It is similar to DES since it: • operates in rounds • the mangler function runs in the same direction for both encryption and decryption • It differs from DES since: • Designed to be efficient in software (as opposed to DES’s hardware orientation) • The encryption and decryption keys are different but related in a complex manner.

  10. IDEA primitive operations • ®  exclusive OR + addition mod 216 andx  multiplication mod 216+1 • These operations are reversible: • a ® K = A    »    A ® K  =  a           since   (a ® K) ® K =  aa + K = A     »    A + (-K) = a         since   (a + K) + (-K) = aa x K = A     »    A x (K-1) = a        since (a x K) x (K-1) = aK-1 is the multiplicative inverse of K such that K K-1 = 1 mod (216+1) • Example: K = 1101; -K=0000-1101=0011, a=1001, K-1 = 0100 (Since 4*13=52 = 1+3*17 (17 = 24+1); Euclid’s algorithm sec 7.4) • a ® K=0100; (a ® K) ® K=1001; • a+K= 0110; (a+K)+(-K)=1001 • axK= 9*13 mod 17=15; (axK)xK-1mod 17 = 60 mod 17 = 9 = 1001

  11. Key Expansion (Encryption) • The 128-bit key is expanded into 52  16-bit keys: K1, K2 , ....K52.Step 1: Keys K1….K8 are generated by taking 8 chunks of 16-bits each Step 2: Keys K9…K16 are generated by starting from the 25th bit, wrapping around the first 25 bits at the end, and taking 16-bit chunks. Step 3: Wrap around 25 more bits to the end, and generate keys K17…K24. This process is repeated until all keys K1…K52 are generated

  12. X is the modified multiply operation, and + is a modified add. • To get the original values back, the inverse of Ka is used for X and –Xb (mod 216) for +.

  13. Decryption • Same code can perform either encryption or decryption given different expanded keys. • The the inverses of the encryption keys and use them in the opposite order (use the inverse of the last-used encryption key as the first used used when doing encryption). • Since the last encryption round (an odd-round) used keys K49,K50,K51,K52, • The first decryption round uses the inverses of the keys K49-K52.

  14. Even Round: (Figure 3-22)

  15. Advanced  Encryption Standard (AES) • Developed with the help of NIST as an efficient, flexible, secure andunencumbered (free to implement) standard  for protectingsensitive non classified, U.S. government information. • NIST selected an algorithm called Rijndael (named after two Belgium cryptographers: Rijmen + Daemen). • It uses a variety of block and key sizes (mainly 128, 192 and 256)and the standards are named: AES-128, AES-192, AES-256!(block sizes are fixed in all to 128 bits). • It is similar to DES and IDEA in that there are rounds and key expansion.

  16. Basic Structure: (Figure 3-23)

  17. AES: Parameters • Nb: is the number of 32-bit words in an encryption  block.E.g., for AES-128: Nb = 4. • Nk: is the number of 32-bit words in an encryption key.E.g., for AES-128: Nk = 4. • Nr: is the number of rounds.It should be large enough to allow sufficient mixing so thateach bit of a plain text block or a key has a complex effect oneach bit of the resulting cipher text. • Nr = 6 + Max (Nb, Nk),E.g., for AES-128: Nr = 10.

  18. Primitive Operations • ® XOR • Octet-Substitution (S-box) (see Figure 3-24) • A rearrangement of octets (rotating rows and columns). • An operation called MixColumn:  Replace a column with another. Each octet of the input column is used as index to retrieve a column from a table (see Figure 3-26). each retrieved column is rotated and the four rotated columns are ®'d together to produce the output column (see Figure 3-25); nibble = 4 bits

  19. Inverse Cipher: • ·® is its own inverse • ·The inverse of S-box is given by a different table (Fig 3-27) • ·The inverse of rotating is another rotation in the opposite direction. • ·The inverse of MixColumn is called InvMixCoumn is just like MixColumn using a different table (Fig 3-28).

  20. Key Expansion • Arrange the key as Nk columns and iteratively generate the next Nk columns(see Figure 3-29 and 3-30). The Ci  are constants  defined  in Figure 3-31.

  21. Rounds Each round is an identical sequence of 3 operations:1. Each octet of the state has the S-box applied.2. For AES-128:    Row  i of the state  is rotated  lefti columns (i=0, 1, 2, 3).3. Each column of the state has MixColumn applied to it    (The last round omits this operation).

  22. Inverse Rounds • Since each operation is invertible, decryption can be done by performingthe inverse of each operation in the opposite order andusing the round keys in the reverse order.

  23. RC4 • Ron Rivest (of the famous RCA) is the inventor • A long random string is  called a one-time pad.A stream cipher generates a one-time pad and applies it to a stream of plain text with ®.RC4 is a stream cipher designed by Ron Rivest.Page 93 gives a C code for RC4 one-time pad generator.

More Related