Dan Boneh Using block ciphers Modes of operation: many time key (CTR) Online Cryptography Course Dan Boneh Example applications: 1. File systems: Same.

Slides:



Advertisements
Similar presentations
Dan Boneh Using block ciphers Modes of operation: one time key Online Cryptography Course Dan Boneh example: encrypted , new key for every message.
Advertisements

Trusted 3rd parties Basic key exchange
Dan Boneh Block ciphers Exhaustive Search Attacks Online Cryptography Course Dan Boneh.
Online Cryptography Course Dan Boneh
Cryptography: Review Day David Brumley Carnegie Mellon University.
1 PRPs and PRFs CS255: Winter Abstract ciphers: PRPs and PRFs, 2.Security models for encryption, 3.Analysis of CBC and counter mode Dan Boneh, Stanford.
Dan Boneh Authenticated Encryption Active attacks on CPA-secure encryption Online Cryptography Course Dan Boneh.
Authenticated Encryption and Cryptographic Network Protocols David Brumley Carnegie Mellon University.
Dan Boneh Message Integrity A Parallel MAC Online Cryptography Course Dan Boneh.
1 Brief PRP-PRF Recap CS255 Winter ‘06. 2 PRPs and PRFs PRF: F: K  X  Y such that: exists “efficient” algorithm to eval. F(k,x) PRP: E: K  X  X such.
1 Message Integrity CS255 Winter ‘06. 2 Message Integrity Goal: provide message integrity. No confidentiality. –ex: Protecting public binaries on disk.
#1 EAX A two-pass authenticated encryption mode Mihir BellarePhillip RogawayDavid Wagner U.C. San Diego U.C. Davis and U.C. Berkeley Chiang Mai University.
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
Dan Boneh Basic key exchange Public-key encryption Online Cryptography Course Dan Boneh.
Active attacks on CPA-secure encryption
Dan Boneh Authenticated Encryption Definitions Online Cryptography Course Dan Boneh.
Dan Boneh Authenticated Encryption Chosen ciphertext attacks Online Cryptography Course Dan Boneh.
Dan Boneh Public Key Encryption from trapdoor permutations Public key encryption: definitions and security Online Cryptography Course Dan Boneh.
Dan Boneh Authenticated Encryption Case study: TLS Online Cryptography Course Dan Boneh.
Dan Boneh Stream ciphers The One Time Pad Online Cryptography Course Dan Boneh.
CS555Spring 2012/Topic 111 Cryptography CS 555 Topic 11: Encryption Modes and CCA Security.
Attacks on OTP and stream ciphers
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
1.1 Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Dan Boneh Using block ciphers Modes of operation: many time key (CBC) Online Cryptography Course Dan Boneh Example applications: 1. File systems: Same.
Modes of Usage Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up: Modes of.
Cryptography: Block Ciphers David Brumely Carnegie Mellon University Credits: Slides originally designed by David Brumley. Many other slides are from Dan.
Dan Boneh Collision resistance Introduction Online Cryptography Course Dan Boneh.
1 CIS 5371 Cryptography 4. Message Authentication Codes B ased on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography.
Dan Boneh Message Integrity CBC-MAC and NMAC Online Cryptography Course Dan Boneh.
Cryptography: The Landscape, Fundamental Primitives, and Security David Brumley Carnegie Mellon University.
Class 3 Cryptography Refresher II CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Odds and ends Tweakable encryption
Cryptography: Review Day David Brumley Carnegie Mellon University.
Template vertLeftWhite2 Authenticated Encryption Attacking non-atomic decryption Online Cryptography Course Dan Boneh.
Dan Boneh Stream ciphers Stream ciphers are semantically secure Online Cryptography Course Dan Boneh Goal: secure PRG ⇒ semantically secure stream cipher.
CS555Spring 2012/Topic 71 Cryptography CS 555 Topic 7: Stream Ciphers and CPA Security.
Dan Boneh Introduction Course Overview Online Cryptography Course Dan Boneh.
Dan Boneh Collision resistance The Merkle-Damgard Paradigm Online Cryptography Course Dan Boneh.
Dan Boneh Odds and ends Deterministic Encryption Online Cryptography Course Dan Boneh.
Cryptography: Block Ciphers David Brumley Carnegie Mellon University Credits: Many slides from Dan Boneh’s June 2012 Coursera crypto class,
Online Cryptography Course Dan Boneh
Dan Boneh Public Key Encryption from trapdoor permutations Constructions Online Cryptography Course Dan Boneh Goal: construct chosen-ciphertext secure.
Dan Boneh Authenticated Encryption CBC paddings attacks Online Cryptography Course Dan Boneh.
1 HBS: A Single-Key Mode of Operation for Deterministic Authenticated Encryption Tetsu Iwata (Nagoya University, Japan) Kan Yasuda (NTT Corporation, Japan)
Dan Boneh Authenticated Encryption Constructions from ciphers and MACs Online Cryptography Course Dan Boneh.
Cryptography: Block Ciphers David Brumely Carnegie Mellon University Credits: Slides originally designed by David Brumley. Many other slides are from Dan.
CS555Spring 2012/Topic 141 Cryptography CS 555 Topic 14: CBC-MAC & Hash Functions.
Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016.
Using block ciphers Review: PRPs and PRFs
PRPs and PRFs CS255: Winter 2017
Block Cipher Modes CS 465 Make a chart for the mode comparisons
Cryptography Lecture 12.
Topic 5: Constructing Secure Encryption Schemes
Cryptography Lecture 10.
Cryptography Lecture 7 Arpita Patra © Arpita Patra.
Block cipher and modes of encryptions
Cryptography Lecture 7 Arpita Patra © Arpita Patra.
Cryptography Lecture 11.
Symmetric-Key Encryption
Cryptography Lecture 8.
Cryptography Lecture 9.
Cryptography Lecture 12.
Topic 13: Message Authentication Code
Cryptography Lecture 9.
Cryptography Lecture 11.
Cryptography Lecture 10.
Presentation transcript:

Dan Boneh Using block ciphers Modes of operation: many time key (CTR) Online Cryptography Course Dan Boneh Example applications: 1. File systems: Same AES key used to encrypt many files. 2. IPsec: Same AES key used to encrypt many packets.

Dan Boneh Construction 2: rand ctr-mode m[0]m[1]… F(k,IV)F(k,IV+1)… m[L] F(k,IV+L)  c[0]c[1]…c[L] IV note: parallelizable (unlike CBC) msg ciphertext Let F: K × {0,1} n {0,1} n be a secure PRF. E(k,m): choose a random IV  {0,1} n and do:

Dan Boneh Construction 2’: nonce ctr-mode m[0]m[1]… F(k,IV)F(k,IV+1)… m[L] F(k,IV+L)  c[0]c[1]…c[L] IV msg ciphertext nonce 128 bits counter IV: 64 bits To ensure F(k,x) is never used more than once, choose IV as: starts at 0 for every msg

Dan Boneh rand ctr-mode (rand. IV) : CPA analysis Counter-mode Theorem: For any L>0, If F is a secure PRF over (K,X,X) then E CTR is a sem. sec. under CPA over (K,X L,X L+1 ). In particular, for a q-query adversary A attacking E CTR there exists a PRF adversary B s.t.: Adv CPA [A, E CTR ]  2  Adv PRF [B, F] + 2 q 2 L / |X| Note: ctr-mode only secure as long as q 2 L << |X|. Better then CBC !

Dan Boneh An example q = # messages encrypted with k, L = length of max message Suppose we want Adv CPA [A, E CTR ] ≤ 1/2 32 ⇐ q 2 L /|X| < 1/ 2 32 AES: |X| = ⇒ q L 1/2 < 2 48 So, after 2 32 CTs each of len 2 32, must change key (total of 2 64 AES blocks) Adv CPA [A, E CTR ]  2  Adv PRF [B, E] + 2 q 2 L / |X|

Dan Boneh Comparison: ctr vs. CBC CBCctr mode uses PRPPRF parallel processing NoYes Security of rand. enc. q^2 L^2 << |X|q^2 L << |X| dummy padding block YesNo 1 byte msgs (nonce-based) 16x expansionno expansion (for CBC, dummy padding block can be solved using ciphertext stealing)

Dan Boneh Summary PRPs and PRFs: a useful abstraction of block ciphers. We examined two security notions: (security against eavesdropping) 1.Semantic security against one-time CPA. 2.Semantic security against many-time CPA. Note: neither mode ensures data integrity. Stated security results summarized in the following table: one-time keyMany-time key (CPA) CPA and integrity Sem. Sec. steam-ciphers det. ctr-mode rand CBC rand ctr-mode later Goal Power

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.