Cryptography Lecture 17.

Slides:



Advertisements
Similar presentations
6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.
Advertisements

Lecture 5: Cryptographic Hashes
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Block ciphers 1 Session 3. Contents Design of block ciphers Non-linear transformations 2/25.
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
CS470, A.SelcukLucifer & DES1 Block Ciphers Lucifer & DES CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Foundations of Network and Computer Security J J ohn Black Lecture #3 Aug 28 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
Lecture 23 Symmetric Encryption
6. Practical Constructions of Symmetric-Key Primitives
CS555Spring 2012/Topic 91 Cryptography CS 555 Topic 9: Block Cipher Construction & DES.
Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on “A Tutorial on Linear and Differential Cryptanalysis” by Howard Heys.] Modern block ciphers.
CSCI 5857: Encoding and Encryption
Chapter 20 Symmetric Encryption and Message Confidentiality.
TE/CS 536 Network Security Spring 2006 – Lectures 6&7 Secret Key Cryptography.
Chapter 20 Symmetric Encryption and Message Confidentiality.
13. Other Block Ciphers 13.1 LUCIFER 13.2 MADRYGA 13.3 NEWDES 13.4 FEAL 13.5 REDOC 13.6 LOKI.
Classical Encryption techniques
1 CIS 5371 Cryptography 5a. Pseudorandom Objects in Practice Block Ciphers B ased on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography.
Lecture 23 Symmetric Encryption
Fifth Edition by William Stallings
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Block Ciphers and the Advanced Encryption Standard
DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.
CS555Spring 2012/Topic 81 Cryptography CS 555 Topic 8: Pseudorandom Functions and CPA Security.
Block Ciphers and the Data Encryption Standard. Modern Block Ciphers  One of the most widely used types of cryptographic algorithms  Used in symmetric.
1 A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher Souradyuti Paul and Bart Preneel K.U. Leuven, ESAT/COSIC.
Information and Network Security Lecture 2 Dr. Hadi AL Saadi.
@Yuan Xue CS 285 Network Security Block Cipher Principle Fall 2012 Yuan Xue.
CS480 Cryptography and Information Security
Chapter3: Block Ciphers and the Data Encryption Standard
School of Computer Science and Engineering Pusan National University
6b. Practical Constructions of Symmetric-Key Primitives.
Classical Encryption techniques
Data Encryption Standard
Outline Desirable characteristics of ciphers Stream and block ciphers
Cryptography Lecture 9.
Homework 2 Statistics Harry Hagrid Minimum Value Maximum Value
Cryptography Lecture 18.
Cryptography and Network Security Chapter 3
Cryptography Lecture 16.
Cryptography Lecture 19.
Cryptography Lecture 7.
ICS 454: Principles of Cryptography
Fifth Edition by William Stallings
Block Ciphers and the Data Encryption Standard (DES)
ADVANCED ENCRYPTION STANDARDADVANCED ENCRYPTION STANDARD
Chapter -2 Block Ciphers and the Data Encryption Standard
Cryptography Lecture 8.
Block Ciphers (Crypto 2)
Cryptography Lecture 9.
Cryptography Lecture 7.
DES (Data Encryption Standard)
PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography Lecture 6.
Cryptography Lecture 16.
Cryptography Lecture 17.
Cryptography Lecture 15.
Cryptography Lecture 18.
Florida State University
Cryptography Lecture 15.
Presentation transcript:

Cryptography Lecture 17

Recall… Want keyed permutation F: {0,1}n x {0,1}l  {0,1}l n = key length, l = block length Want Fk (for uniform, unknown key k) to be indistinguishable from a uniform permutation over {0,1}l

Designing block ciphers If x and x’ differ in one bit, what should be the relation between Fk(x) and Fk(x’)? How many bits should change (on average)? Which bits should change? How to achieve this?

Confusion/diffusion “Confusion” “Diffusion” Small change in input should result in local, “random” change in output “Diffusion” Local change in output should be propagated to entire output

SPNs Build “random-looking” permutation on large input from random permutations on small inputs E.g., assume 8-byte block length Fk(x) = fk1(x1) fk2(x2) … fk8(x8), where each f is a random permutation How long is k?

SPN . . . fk1 fk2 Is this a pseudorandom function?

SPN This has confusion but no diffusion Add a mixing permutation…

SPN . . . fk1 fk2 . . .

Invertibility Note that the structure is invertible (given the key) since the f’s are permutations

SPN Mixing permutation is public Chosen to ensure good diffusion Does this give a pseudorandom function? What if we repeat for another round (with independent, random functions)? What is the minimal # of rounds we need? Avalanche effect

SPN Using random f’s is not practical Key would be too large Instead, use f’s of a particular form fki(x) = Si(ki  x), where Si is a public permutation Si are called “S-boxes” (substitution boxes) XORing the key is called “key mixing” Note that this is still invertible (given the key)

k1  . . . S1 S2

Avalanche effect Design S-boxes and mixing permutation to ensure avalanche effect Small differences should eventually propagate to entire output S-boxes: 1-bit change in input causes ≥2-bit change in output Not so easy to ensure! Mixing permutation Each bit output from a given S-box should feed into a different S-box in the next round

SPN One round of an SPN involves Key mixing Ideally, round keys are independent In practice, derived from a master key via key schedule Substitution (S-boxes) Permutation (mixing permutation) r-round SPN has r rounds as above, plus a final key-mixing step Why? Invertible regardless of how many rounds…

Key-recovery attacks Key-recovery attacks are even more damaging than distinguishing attacks As before, a cipher is secure only if the best key-recovery attack takes time 2n A fast key-recovery attack represents a “complete break” of the cipher

Key-recovery attack, 1-round SPN Consider first the case where there is no final key-mixing step Possible to get the key immediately! What about a full 1-round SPN? Attack 1: for each possible 1st-round key, get corresponding 2nd-round key Continue process of elimination Complexity 2l for key of length 2l

Key-recovery attack, 1-round SPN Better attack: work S-box-by-S-box Assume 8-bit S-box For each 8 bits of 1st-round key, get corresponding 8 bits of 2nd-round key Continue process of elimination Complexity?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.