Presentation is loading. Please wait.

Presentation is loading. Please wait.

Announcements: DES due Thursday. DES due Thursday. Try not to use late day, so you can study for Ch 3 quiz Friday. Try not to use late day, so you can.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Announcements: DES due Thursday. DES due Thursday. Try not to use late day, so you can study for Ch 3 quiz Friday. Try not to use late day, so you can."— Presentation transcript:

1 Announcements: DES due Thursday. DES due Thursday. Try not to use late day, so you can study for Ch 3 quiz Friday. Try not to use late day, so you can study for Ch 3 quiz Friday. Can you break it? Can you break it? http://www.fbi.gov/news/stories/2011/march/cryptanalysis_032911 http://www.foxnews.com/us/2011/03/31/fbi-inundated-tips- encrypted-notes-1-murder-mystery/Today: Finish GF(2 8 ) Finish GF(2 8 ) Rijndael RijndaelQuestions? DTTF/NB479: DszquphsbqizDay 17

2 AES (Rijndael) The S-boxes, round keys, and MixColumn functions require the use of GF(2 8 ), so

3 Fields (T&W, 3.11) A field is a set of numbers with the following properties: Addition, with identity: a + 0 = a and inverse a+(-a)=0 Addition, with identity: a + 0 = a and inverse a+(-a)=0 Multiplication with identity: a*1=a, and inverse (a * a -1 = 1 for all a != 0) Multiplication with identity: a*1=a, and inverse (a * a -1 = 1 for all a != 0) Subtraction and division (using inverses) Subtraction and division (using inverses) Commutative, associative, and distributive properties Commutative, associative, and distributive properties Closure over all four operations Closure over all four operationsExamples: Real numbers Real numbers GF(4) = {0, 1, ,  2 } with these additional laws: x + x = 0 for all x and  + 1 =  2. GF(4) = {0, 1, ,  2 } with these additional laws: x + x = 0 for all x and  + 1 =  2. GF(p n ) for prime p is called a Galois Field. GF(p n ) for prime p is called a Galois Field.

4 A Galois field is a finite field with p n elements for a prime p There is only one finite field with p n elements for every power of n and prime p.There is only one finite field with p n elements for every power of n and prime p. GF(p n ) = Z p [X] (mod P(X)) is a field with p n elements.GF(p n ) = Z p [X] (mod P(X)) is a field with p n elements. Wasn’t Z 2 [X] (mod X 2 + X + 1) = GF(4)?Wasn’t Z 2 [X] (mod X 2 + X + 1) = GF(4)? Consider GF(2 n ) with P(X) = X 8 + X 4 + X 3 + X + 1Consider GF(2 n ) with P(X) = X 8 + X 4 + X 3 + X + 1 Rijndael uses this! Finish quiz.

5 Back to Rijndael/AES Parallels with DES? Multiple rounds (7 is enough to require brute force) Diffusion XOR with round keys No MixColumn in last round Major differences Not a Feistel system Much quicker diffusion of bits (2 rounds) Much stronger against linear, diffy. crypt., interpolation attacks

6 ByteSub (BS) 1.Write 128-bit input a as matrix with 16 byte entries (column major ordering): 2.For each byte, abcdefgh, replace with byte in location (abcd, efgh) Example: 00011111  ___ Example: 11001011  ___ 3.Output is a matrix called b Why were these numbers chosen?

7 S-box Derivation The S-box maps byte x to byte z via the function z = Ax -1 +b: Input byte x: x 7 x 6 x 5 x 4 x 3 x 2 x 1 x 0 Compute the inverse in GF(2 8 ): y 7 y 6 y 5 y 4 y 3 y 2 y 1 y 0 (non-linear, vs. attacks) (use 0 as inverse of 0) Compute this linear function z in GF(2 8 ): (to complicate attacks) (A is simple to implement) b chosen so

8 ShiftRow (SR) Shifts the entries of each row by increasing offset: Shifts the entries of each row by increasing offset: Gives resistance to newer attacks (truncated differentials, Square attack)

9 MixColumn (MC) Multiply – via GF(2 8 ) – with the fixed matrix shown. Multiply – via GF(2 8 ) – with the fixed matrix shown.Speed? 64 multiplications, each involving at most 2 shifts + XORs Gives quick diffusion of bits

10 AddRoundKey (ARK) XOR the round key with matrix d. XOR the round key with matrix d. Key schedule on next slide

11 Key Schedule Write original key as 4x4matrix with 4 columns: W(0), W(1), W(2), W(3). Key for round i is (W(4i), W(4i+1), W(4i+2), W(4i+3)) Other columns defined recursively: Highly non-linear. Resists attacks at finding whole key when part is known K0K0 K1K1 K 10 192-, 256-bit versions similarsimilar

12 Decryption E(k) is: (ARK 0, BS, SR, MC, ARK 1, … BS, SR, MC, ARK 9, BS, SR, ARK 10 ) Each function is invertible: ARK; IBS; ISR; IMC So D(k) is: ARK 10, ISR, IBS, ARK 9, IMC, ISR, IBS, … ARK 1, IMC, ISR, IBS, ARK 0 ) Half-round structure: Write E(k) = ARK, (BS, SR), (MC, ARK), … (BS, SR), (MC, ARK), (BS, SR), ARK Write E(k) = ARK, (BS, SR), (MC, ARK), … (BS, SR), (MC, ARK), (BS, SR), ARK (Note that last MC wouldn’t fit) D(k) = ARK, (ISR, IBS), (ARK, IMC), (ISR, IBS), … (ARK, IMC), (ISR, IBS), ARK D(k) = ARK, (ISR, IBS), (ARK, IMC), (ISR, IBS), … (ARK, IMC), (ISR, IBS), ARK Can write: D(k) = ARK, (IBS, ISR), (IMC, IARK), … (IBS, ISR), (IMC, IARK), (IBS, ISR), ARK

13 Wrap-up Wikipedia’s entry has some nice visuals visuals But this site has even nicer animations* animations * Thanks to Adam Shiemke, 2009 for the link

Download ppt "Announcements: DES due Thursday. DES due Thursday. Try not to use late day, so you can study for Ch 3 quiz Friday. Try not to use late day, so you can."

Similar presentations

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.

Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5

Cryptography and Network Security Chapter 5
Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is.

Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is.
 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.

 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.
Session 3 Symmetric ciphers 2 part 2. Triple DES Ordinary DES is now considered obsolete ‒Its key length is only 56 bits. ‒With today’s technology, it.

Session 3 Symmetric ciphers 2 part 2. Triple DES Ordinary DES is now considered obsolete ‒Its key length is only 56 bits. ‒With today’s technology, it.
Advanced Encryption Standard

Advanced Encryption Standard
Cryptography and Network Security

Cryptography and Network Security
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.

Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.
This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.

This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.
Announcements: Ch 3 quiz next week (tentatively Friday). Will include fields (today) Ch 3 quiz next week (tentatively Friday). Will include fields (today)Today:

Announcements: Ch 3 quiz next week (tentatively Friday). Will include fields (today) Ch 3 quiz next week (tentatively Friday). Will include fields (today)Today:
Session 3: Secret key cryptography – block ciphers – part 2.

Session 3: Secret key cryptography – block ciphers – part 2.
1 A simple algebraic representation of Rijndael Niels Ferguson Richard Schroeppel Doug Whiting.

1 A simple algebraic representation of Rijndael Niels Ferguson Richard Schroeppel Doug Whiting.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 2 Data Encryption algorithms Part II.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 2 Data Encryption algorithms Part II.
AES clear a replacement for DES was needed

AES clear a replacement for DES was needed
Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.

Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.
Announcements: Quizzes returned tomorrow Quizzes returned tomorrow This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption Standard.

Announcements: Quizzes returned tomorrow Quizzes returned tomorrow This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption Standard.
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.

Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.

Similar presentations

Ads by Google