Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography Team Presentation 1

Published byMarcel Rochette Modified over 6 years ago

Similar presentations

Presentation on theme: "Cryptography Team Presentation 1"— Presentation transcript:

1 Cryptography Team Presentation 1
“Implementation of a RC5 block cipher algorithm and implementing an attack on it” Agarwal, Kshitij Rao, Prashant Project Mentor – Prof. Alan Kaminsky

2 About RC5 Fast symmetric block cipher
Same key for encryption and decryption Plaintext and ciphertext are fixed-length bit sequences (blocks)

3 Parameters of RC5 RC5 – w/r/b E.g. RC5 – 32/16/10 w = 32 bits
r = 16 rounds b = 10-byte (80-bit) secret key variable t = 2 (r + 1) = 2 (16 + 1) = 34 rounds

4 Important parameters in details
“w”(bits) – variable word size Allowable choice for “w” in RC5– 16,32 and 64 Suggested 32 “Two” word input (plaintext) block size – 64-bit plaintext “Two” word output (ciphertext) block size – 64-bit ciphertext Design accepts all w > 0 Variable word size can exploit longer word length of processors like 64 – bit processors.

5 Important parameters in details
“r” – variable number of rounds Tradeoff between high speed and high security. Allowed values 0-255 Suggested – 12 Higher the number of rounds provides increased level of security. “S” – Expanded key table – derived from user’s secret key. “t” – The size of table “S” (depends on “r”) t = 2 ( r + 1 ) words.

6 Important parameters in details
“b” – variable length secret cryptographic key The number of bytes in the secret key K. 16 bytes suggested with allowed values from 0 – 255 “K” – The b-byte secret key : K[0], K[1], ..., K[b-1].

7 Discussion on parameters
RC5 cannot be secure for all possible values r = 0 No rounds of security will provide no encryption r = 1 One round will provide very less security As a matter of fact, it can be easily broken b = 0 No key, no security Maximum allowable parameter values will be overkill. Nominal Choice Proposed RC5 – 32/12/16

8 Notation and RC5 Primitive Ops
Three Primitive operations(and their inverses) Two’s complement addition of words, modulo 2w ‘+’ Inverse op , subtraction, ‘-’ Bit-wise exclusive OR of words, denoted by ⊕ A left-rotation of words x <<< y , cyclic rotation of word x left by y bits One word of the intermediate results is cyclically rotated by an amount determined bits of another intermediate results. The inverse operation is right-rotation, x>>>y

9 Note We see that rotations are ‘rotations by variable amount’ that is plaintext dependent We know that on modern microprocessors, a variable rotation takes constant-time Time is independent of the rotation amount y No other non-linear operations in RC5 Strength,therefore, relies on data-dependent rotations

10 RC5 Algorithm Three parts:- Key Expansion Encryption Algorithm
Decryption Algorithm

11 RC5 Algorithm – Key Expansion
Requirements of key expansion Filling the expanded key table array S[0…t – 1] with random binary words “t” – Size of table “S” => 2 ( r+1 ) S table is not an “S-box” like DES. Entries in S sequentially, one at a time. Random binary words are derived from the K.

12 RC5 Algorithm – Key Expansion
Starting with two magic constants Two word-sized binary constants Pw = Odd((e - 2) 2w ) Qw = Odd((φ – 1) 2w ) e = … (base of natural logarithms) Φ = … (golden ratio), Where, Odd(x) is the odd integer nearest to x For w = 16 and 32 in hexadecimal form P16 = b7e1 Q16 = 9e37 P32 = b7e15163 Q32 = 9e3779b9

13 RC5 Algorithm – Key Expansion
Converting the Secret Key from Bytes to Words c = ceiling(b/u) words Pseudo code for conversion:- Image Source:

14 RC5 Algorithm – Key Expansion
Initializing the S Array Initialization to a particular fixed(key- independent) Image Source:

15 RC5 Algorithm – Key Expansion
Mixing in the Secret Key Pseudo code:- Image Source:

16 RC5 Algorithm Encryption Algorithm
Two w-bit words are denoted as A and B A = A + S[0]; B = B + S[1]; for i = 1 to r do A = (( A ⊕ B ) <<< B ) + S[ 2 * i ]; B = (( B ⊕ A) <<< A ) + S[ 2 * i + 1]; The output is in the registers A and B. Work is done on both A and B, unlike DES where only half input is updated. Image Source:

17 RC5 Algorithm Decryption Algorithm (easily derived from encryption)
Two w-bit words are denoted as A and B for i = r downto 1 do B = (( B – S[ 2 * i + 1 ]) >>> A) ⊕ A; A = (( A – S[ 2 * i ] >>> B) ⊕ B; B = B - S[1]; A = A - S[0]; The output is in the registers A and B.

18 Important Notes Data dependent rotations – amount of rotation is not pre-determined. The behavior of each round is different as the rotation amount is different. Each round ends by adding expanded key from S It was experimentally[1] determined that after eight rounds in RC5-32, each message bit affected some rotation amount. [1]: Rivest, R. L. (1994). "The RC5 Encryption Algorithm" (pdf). Proceedings of the Second International Workshop on Fast Software Encryption (FSE) 1994e. pp. 86–96.

19 Next Presentation Differential Attack will be performed.
Difficult because bits are rotated to “random” positions in each round. Analysis of the requirements of the attack. Analysis of the results of the attack.

20 References Rivest, R. L. (1994). "The RC5 Encryption Algorithm" (pdf). Proceedings of the Second International Workshop on Fast Software Encryption (FSE) 1994e. pp. 86–96. RC5 Encryption Diagram

21 THANK YOU Questions, if any.

Download ppt "Cryptography Team Presentation 1"

Similar presentations

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.

Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.
This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.

This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Data Encryption Standard (DES). Symmetric Cryptography  C = E(P,K)  P = D(C,K)  Requirements  Given C, the only way to obtain P should be with  the.

Data Encryption Standard (DES). Symmetric Cryptography  C = E(P,K)  P = D(C,K)  Requirements  Given C, the only way to obtain P should be with  the.
Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.

Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.
Cryptography and Network Security

Cryptography and Network Security
1 Chapter 3 Ciphers Mechanism that decides the process of encryption/decryption Stream Cipher: Bit-by-bit encryption / decryption Block Cipher: Block-by-block.

1 Chapter 3 Ciphers Mechanism that decides the process of encryption/decryption Stream Cipher: Bit-by-bit encryption / decryption Block Cipher: Block-by-block.
Blowfish A widely used block cipher. Blowfish Designed by Bruce Schneier (1993) A variant of it (Twofish) was an AES finalist candidate 64-bit block size,

Blowfish A widely used block cipher. Blowfish Designed by Bruce Schneier (1993) A variant of it (Twofish) was an AES finalist candidate 64-bit block size,
Advance Encryption Standard. Topics  Origin of AES  Basic AES  Inside Algorithm  Final Notes.

Advance Encryption Standard. Topics  Origin of AES  Basic AES  Inside Algorithm  Final Notes.
One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.

One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Hashing Algorithms: Basic Concepts and SHA-2 CSCI 5857: Encoding and Encryption.

Hashing Algorithms: Basic Concepts and SHA-2 CSCI 5857: Encoding and Encryption.
Cryptography Team Presentation 2

Cryptography Team Presentation 2
Improving Encryption Algorithms Betty Huang Computer Systems Lab 2009-2010.

Improving Encryption Algorithms Betty Huang Computer Systems Lab
“Implementation of a RC5 block cipher algorithm and implementing an attack on it” Cryptography Team Presentation 1.

“Implementation of a RC5 block cipher algorithm and implementing an attack on it” Cryptography Team Presentation 1.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption

Similar presentations

Ads by Google