@Yuan Xue CS 285 Network Security Block Cipher Principle Fall 2012 Yuan Xue.


Slide 1: CS 285 Network Security. Block Cipher Principle. Fall 2012. Yuan Xue (yuan.xue@vanderbilt.edu)

Slide 2: From Classical Ciphers to Modern Ciphers
Classical Cipher → Modern Cipher (Block cipher)
- Alphabetic letters → Binary data → Easy to do
- Large block size, large key space
- Relationship between key and plaintext-to-ciphertext map needs to be complex (e.g., cannot be a linear mapping) → How should substitution be specified?
- Design principle
- Solution in a nutshell: Substitution + Transposition → Feistel Network
- Illustrate the solution with the DES design

Slide 3: An exercise before we start
- n-bit block: Number of all possible plaintexts? Number of all possible plaintext-to-ciphertext mappings? Number of keys needed? Required key length?
- K-bit key: How many possible keys?

Slide 4: An example
- Encryption/decryption mapping can be defined by a tabulation
- Ideal block cipher: maximum number of possible encryption mappings; each mapping constitutes the key
- How to design/represent the key and assign it to each mapping?

Slide 5: Another exercise
Let X be a random variable with n values. Let the elements of its probability distribution P(X) be p_1, p_2, …, p_n, such that p_1 ≥ p_2 ≥ … ≥ p_n. What is the average number of guesses needed to determine the value of X using an optimal strategy?
This example shows how statistical information (of plaintext) helps to reduce the effort of hacking the text. For statistical analysis, we care more about the correlation statistics between the plaintext and the ciphertext (mutual information).

Slide 6: Block Cipher Principle
Statistical analysis
- The attacker has some knowledge of the statistical characteristics of the plaintext
- If the statistics are in any way reflected in the ciphertext, then this reduces the complexity for the attacker to guess the plaintext
- Ideally, the statistics of the plaintext and the ciphertext are independent

Slide 7: Block Cipher Principle
Design a symmetric key cryptographic scheme with enough security
- Using a reasonably large block size
  - Minimizes the correlation statistics between the plaintext and the ciphertext
  - Against frequency analysis
- With a reasonably sized key
  - Against brute-force attack, where the attackers may search through all possible keys
- These two conditions are necessary but not sufficient
- The relationship among plaintext, ciphertext and key is also important
  - Intuitively, the mapping from plaintext to ciphertext via the key should be "random"

Slide 8: Encryption Algorithm Security
Unconditionally secure
- The ciphertext generated by the algorithm does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available and how much time an opponent has
  - One-time pad
Computationally secure
- The cost of breaking the cipher exceeds the value of the encrypted information
- The time required to break the cipher exceeds the useful lifetime of the information

Slide 9: Secure Pseudorandom Function (PRF)
- Let F: K × X → Y be a PRF
- Funs[X,Y]: the set of all functions from X to Y
- S_F = { F(k,·) s.t. k ∈ K } ⊆ Funs[X,Y]
- Intuition: a PRF is secure if a random function in Funs[X,Y] is indistinguishable from a random function in S_F
[Figure: S_F, of size |K|, drawn inside Funs[X,Y], of size |Y|^|X|]
Credit: Dan Boneh, "Introduction to Cryptography"

Slide 10: Secure Pseudorandom Permutation (PRP)
- Let E: K × X → Y be a PRP
- Perms[X]: the set of all one-to-one functions from X to Y
- S_F = { E(k,·) s.t. k ∈ K } ⊆ Perms[X,Y]
- Intuition: a PRP is secure if a random function in Perms[X] is indistinguishable from a random function in S_F
[Figure: with k from K and π from Perms[X], a query x ∈ X is answered with π(x) or E(k,x); which one?]
Credit: Dan Boneh, "Introduction to Cryptography"

Slide 11: Block Cipher Principle
Two methods
- Diffusion makes the statistical relationship between the plaintext and the ciphertext as complex and as involved as possible
  - Redundancy in the statistics of the plaintext is "dissipated" in the statistics of the ciphertext
  - Against frequency analysis
  - Avalanche effect: each plaintext bit affects as many ciphertext bits as possible
  - Let's see a demo
- Confusion makes the relationship between the key and the plaintext/ciphertext as complex and as involved as possible
  - Ideally, the relationship between plaintext/ciphertext is independent of the structure of the key

Slide 12: Block Cipher Principle
Confusion makes the relationship between the key and the plaintext/ciphertext as complex and as involved as possible
- Ideally, the relationship between plaintext/ciphertext is independent of the structure of the key
- Hard to find the key even if one has a large number of plaintext-ciphertext pairs produced with the same key
  - Hill cipher is a bad example
  - Arbitrary substitution cipher is a good (ideal) example, but it is not practical
- Still, we hope changing one bit of the key should change the ciphertext completely.

Slide 13: Block Cipher Principle
Feistel Network
- Product ciphers use the two classical encryption forms, substitution and transposition, alternately in multiple rounds to achieve both confusion and diffusion, respectively
- Substitution is a mechanism primarily for confusion
- Transposition + substitution is a technique for diffusion

Slide 14: Feistel Network
Design features/parameters
- Block size
- Key size
- Number of rounds
- Subkey generation algorithm
- Round function (F)

Slide 15: Feistel Network
The process of decryption with a Feistel cipher is essentially the same as the encryption process.
Rule: Use the ciphertext as input to the algorithm, but use the subkeys in the reverse order.
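
Added example (not part of the original slides): a toy 64-bit Feistel network that shows the decryption rule from slide 15 and measures the avalanche effect from slides 11 and 12 as the number of rounds grows. The SHA-256-based round function and subkey schedule, the key and the plaintext are assumptions constructed for illustration; this is not DES and not a cipher to use in practice.

```python
import hashlib

HALF = 4  # bytes per half, so the block is 64 bits

def subkeys(key, rounds=16):
    # Toy subkey generation (assumption): one hash-derived subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]

def round_f(half, subkey):
    # Toy round function F (assumption): truncated SHA-256, not the DES F.
    return hashlib.sha256(subkey + half).digest()[:HALF]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, ks):
    # One routine for both directions; only the subkey order differs.
    left, right = block[:HALF], block[HALF:]
    for k in ks:
        left, right = right, xor(left, round_f(right, k))
    return right + left  # undo the last swap

def encrypt(block, key, rounds=16):
    return feistel(block, subkeys(key, rounds))

def decrypt(block, key, rounds=16):
    return feistel(block, subkeys(key, rounds)[::-1])

def bits_changed(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_first_bit(data):
    return bytes([data[0] ^ 0x80]) + data[1:]

def plaintext_avalanche(rounds, pt=b"ABCDEFGH", key=b"constructed key"):
    # Diffusion: ciphertext bits changed by flipping one plaintext bit.
    return bits_changed(encrypt(pt, key, rounds),
                        encrypt(flip_first_bit(pt), key, rounds))

def key_avalanche(rounds, pt=b"ABCDEFGH", key=b"constructed key"):
    # Confusion: ciphertext bits changed by flipping one key bit.
    return bits_changed(encrypt(pt, key, rounds),
                        encrypt(pt, flip_first_bit(key), rounds))

if __name__ == "__main__":
    ct = encrypt(b"ABCDEFGH", b"constructed key")
    assert decrypt(ct, b"constructed key") == b"ABCDEFGH"
    for r in (1, 2, 4, 16):
        print(r, plaintext_avalanche(r), key_avalanche(r))
```

With a single round, a flipped bit in the left half changes exactly one ciphertext bit, because the round function never sees it; after a few rounds roughly half of the 64 output bits change.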

