Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chap. 6: Contemporary Symmetric Ciphers Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chap. 6: Contemporary Symmetric Ciphers Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown."— Presentation transcript:

1 Chap. 6: Contemporary Symmetric Ciphers Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown

2 "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and sixty separate ciphers," said Holmes. — The Adventure of the Dancing Men, Sir Arthur Conan Doyle

3 Outline Characteristics of advanced symmetric block cipher Triple DES Blowfish RC5 RC4 stream cipher

4 Feistel cipher Key Key length subkey generation block block length two halves of block no. of round encryption algorithm S-box XOR + + +

5 Key features not found in DES Key Key length subkey generation block block length two halves of block no. of round encryption algorithm S-box XOR Variable length key : Blowfish, RC5 Complex subkey generation process: Blowfish Variable plain/ciphertext block length: RC5 Operate on both halves each round: Blowfish, RC5 Variable no. of round: RC5 Key-dependent S-box: Blowfish Data/key-dependent rotation: RC5 Mixed operation: more than one arithmetic and Boolean operations

6 Outline Characteristics of advanced symmetric block cipher Triple DES Blowfish RC5 RC4 stream cipher

7 Triple DES clear a replacement for DES was needed theoretical attacks that can break it demonstrated exhaustive key search attacks AES is a new cipher alternative prior to this alternative was to use multiple encryption with DES implementations

8 Double-DES ? why not Double-DES? 56x2=112 bits key Q1: Is that possible for some K 3 ?

9 Space of mapping 1. The whole space of mapping 64-bit plaintext 64-bit ciphertext 2 64 ! 2 64 ! > 10 347380000000000000000 mapping 2. Space of mapping defined by DES 56-key => 2 56 mapping 2 56 2 56 < 10 17 Double-DES is likely to produce a new mapping !

10 Q2: meet-in-the-middle attack DES: O(2 56 ) to attack 2DES: O(2 112 ) to attack? 1. Given a (P,C) 2. Encrypt P with 2 56 keys K1K1 X 000 … 00000 000 … 00001 000 … 00010 000 … 00011 … 111 … 11111 0101 … 0101 1101 … 0111 0001 … 0110 … … 3. Decrypt C with 2 56 keys K2K2 000 … 00000 000 … 00001 000 … 00010 000 … 00011 … 111 … 11111 X 0001 … 0110 … Match!

11 Triple-DES 3 DES encryption with 3 keys (56x3=168 bits) Avoid meet-in-the-middle attack with O(2 56 ) complexity E-D-E application of DES: PGP, S/MIME Backward compatible with DES: K 3 =K 2 or K 1 =K 2 E 3 3

12 Standardized 3DES 3DES standardized in ANSI X9.17 & ISO8732 2 56-bit keys Compatible with DES

13 Attack on 3DES Idea: if A and C are known, then it becomes an attack on double DES 1. Given n known (P,C) pairs 0100 … 101 1001 … 011 … 0110 … 100 1001 … 001 1100 … 111 1011 … 001 … 0100 … 101 1101 … 010 2. Select an arbitrary a for A a 3. Search 2 56 keys for K 1 K 1,1 K 1,2 K 1,1 K 1,2 0110 … 000 1110 … 011 4. Search 2 56 keys for K 2 K2K2

14 Complexity of attack on 3DES Brute-force key search: 2 112 Known plaintext-ciphertext attack on previous slide: No practical attack is known for now

15 Outline Characteristics of advanced symmetric block cipher Triple DES Blowfish RC5 RC4 stream cipher

16 Blowfish a symmetric block cipher designed by Bruce Schneier in 1993/94 Characteristics 64-bit block cipher Variable length key (32 bits to 448 bits) Complex subkey generation Key-dependent S-boxes Simple operations – fast implementation Modulo 2 32 addition Bitwise XOR

17 Blowfish + + + + + +++ + + + + 18 subkeys P i

18 Blowfish single round + + + Modulo 2 32 addition 256-entry S-box, 32-bit output/entry

19 Subkey and S-box generation uses a 32 to 448 bit key 1 word = 32 bits, 1 to 14 words to generate 18 32-bit subkeys stored in P-array four 256 entry S-boxes, 1 word in each entry K 1, K 2, K 3, K 4, …, K j 1<= j <= 14 P 1, P 2, P 3, P 4, …, P 18 S 1,0, S 1,1, S 1,2, S 1,3, …, S 1,255 S 2,0, S 2,1, S 2,2, S 2,3, …, S 2,255 S 3,0, S 3,1, S 3,2, S 3,3, …, S 3,255 S 4,0, S 4,1, S 4,2, S 4,3, …, S 4,255 Totally 1024 words

20 Subkey and S-box generation 1. initialize P-array and then 4 S-boxes using  2. XOR P-array with K-array (reuse as needed) 用  的小數點依序填入  P 和 S 陣列 P 1 = 243F6A88 P 2 = 85A308D3 … S 4,255 = 3AC372E6 P 1, P 2, P 3, P 4, … P 14, P 15, P 16, P 17, P 18 K 1, K 2, K 3, K 4, …, K 14,K 1, K 2, K 3, K 4 + + + + + + ++ + (Suppose input key is 14 words)

21 Subkey and S-box generation 3. loop repeatedly encrypting data using current P & S and replace successive pairs of P then S values P 1, P 2 = E P,S [0] 用現在 P,S 值當參數的 Blowfish, 加密 0 更新 P 1, P 2 P 3, P 4 = E P,S [P 1 || P 2 ] … S 1,0, S 1,1 = E P,S [P 17 || P 18 ] … S 4,254, S 4,255 = E P,S [S 4,252 || S 4,253 ] Totally 521 executions of Blowfish encryption => not suitable for frequent key changes

22 Blowfish Encryption + + + ++ + + + + + and  do not commute

23 Discussion key dependent S-boxes and subkeys, generated using cipher itself, makes analysis very difficult changing both halves in each round increases security (c.f. Feistel cipher) brute-force key search is not practical (maximally 448 bits)

24 Discussion (cont.) fast

25 Outline Characteristics of advanced symmetric block cipher Triple DES Blowfish RC5 RC4 stream cipher

26 RC5 designed by Ronald Rivest (of RSA fame) used in RSA Data Security, Inc. ’ s products can vary key size / data size / no rounds very clean and simple design easy implementation on various CPUs yet still regarded as secure

27 RC5 Ciphers RC5 is a family of ciphers RC5-w/r/b w = word size in bits (16/32/64), block data=2w r = number of rounds (0..255) b = number of bytes in key (0..255) nominal version is RC5-32/12/16 i.e. 32-bit words so encrypts 64-bit data blocks using 12 rounds with 16 bytes (128-bit) secret key

28 ++ + + Simple operations: 1.Addition: modulo 2 w 2.Bitwise XOR 3.Circular shift (rotation): x <<< y, x is left rotate y bits w w 1.Substitution depends on both words 2. Permutation depends on both words 3. Substitution depends on key A Substitution-permutation round: subkey (nonlinear and data dependent !!!)

29 RC5 Key Expansion RC5 uses t=2r+2 subkey words (w-bits) ( 決定 subkeys 大小和個數 )

30 RC5 subkey initialization e = 2.718281828459 …  P w =Odd[(e-2)2 w ] = B7E1 (16 bits) B7E15163 (32 bits)  = 1.618033988749 …  Q w =Odd[(  -1)2 w ] = 9E37 (16 bits) 9E3779B9 (32 bits) S[0] = P w for i=1 to t-1 do S[i] = S[i-1] + Q w /* initialize subkey array */

31 RC5 Decryption ++ ++++ ++

32 RC5 Modes RFC2040 defines 4 modes used by RC5 RC5 Block Cipher, is ECB mode RC5-CBC, is CBC (cipher block chaining) mode RC5-CBC-PAD, is CBC with padding by bytes with value being the number of padding bytes RC5-CTS, a variant of CBC which is the same size as the original message, uses ciphertext stealing to keep size same as original Plaintext message may not be a multiple of the block size

33 RC5 ciphertext stealing mode Not transmitted Ciphertext chaining

34 Summary: Block Cipher Characteristics features seen in modern block ciphers are: variable key length / block size / no rounds mixed operators, data/key dependent rotation key dependent S-boxes more complex key scheduling operation of full data in each round varying non-linear functions

35 Outline Characteristics of advanced symmetric block cipher Triple DES Blowfish RC5 RC4 stream cipher

36 Stream cipher diagram + + Recall: One-time pad in Chap. 2

37 Stream Cipher Properties some design considerations are: A pseudorandom number generator produces a deterministic stream that eventually repeats The period should be long Keystream should approximate a true random stream Ex. Approximately equal number of 1s and 0s The key needs to be sufficiently long Ex. 128 bits or longer key to avoid brute-force attack

38 Advantage of stream cipher Fasters than block ciphers

39 Disadvantage of stream cipher never reuse stream key Ciphertext 1 = plaintext 1  keystream Ciphertext 2 = plaintext 2  keystream Ciphertext 1  Ciphertext 2 = (plaintext 1  keystream)  (plaintext 2  keystream) = plaintext 1  plaintext 2 If plaintexts are text string, credit card no., or other streams with known properties, then cryptanalysis may be successful

40 RC4 Designed by Ron Rivest in 1987, owned by RSA DSI variable key size, byte-oriented stream cipher widely used (web SSL/TLS, wireless WEP) SSL: secure sockets layer TLS: transport layer security WEP: wired equivalent privacy Main steps: key forms random permutation of all 8-bit values (state vector S[0],S[1], …,S[255]) uses that permutation to scramble input info processed a byte at a time

41 RC4 Key Schedule starts with an array S of numbers: 0 … 255 S forms internal state of the cipher given a key K of length keylen bytes (1 to 256 bytes) 254 253

42 RC4 key scheduling and stream generation j=0, for i=0 to 255 Plaintext  k = ciphertext i=0, j=0 While(1){ i=i+1 mod 256, … }

43 RC4 Encryption encryption continues shuffling array values sum of shuffled pair selects "stream key" value XOR with next byte of message to en/decrypt i = j = 0 for each message byte M i i = (i + 1) (mod 256) j = (j + S[i]) (mod 256) swap(S[i], S[j]) t = (S[i] + S[j]) (mod 256) C i = M i XOR S[t]

44 RC4 Security The period of RC4 > 10 100 claimed secure against known attacks have some analyses, none practical result is very non-linear since RC4 is a stream cipher, must never reuse a key have a concern with WEP, but due to key handling rather than RC4 itself

Download ppt "Chap. 6: Contemporary Symmetric Ciphers Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown."

Similar presentations

“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5

Cryptography and Network Security Chapter 5
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard

Chapter 3 Block Ciphers and the Data Encryption Standard
Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,

Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography and Network Security

Cryptography and Network Security
1 Pertemuan 07 Enkripsi Simetrik Kontemporer Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 07 Enkripsi Simetrik Kontemporer Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
AES clear a replacement for DES was needed

AES clear a replacement for DES was needed
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.

Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.
Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.

Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard It seems very simple. It is very simple. But if you don't know.

Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know.
Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.
Cryptography and Network Security Chapter 6

Cryptography and Network Security Chapter 6
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Chapter 2 (D) – Contemporary Symmetric Ciphers I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph.

Chapter 2 (D) – Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph.
Computer Security CS 426 Lecture 3

Computer Security CS 426 Lecture 3

Similar presentations

Ads by Google