Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Security Seminar - 1 Chapter 14. Still Other Block Ciphers 2002. 11. 21. 발표자 : 최두호 Applied Cryptography.

Published byGiles Young Modified over 9 years ago

Similar presentations

Presentation on theme: "Software Security Seminar - 1 Chapter 14. Still Other Block Ciphers 2002. 11. 21. 발표자 : 최두호 Applied Cryptography."— Presentation transcript:

1 Software Security Seminar - 1 Chapter 14. Still Other Block Ciphers 2002. 11. 21. 발표자 : 최두호 Applied Cryptography

2 Software Security Seminar - 2 Contents 10.7 SXAL8/MBAL 10.8 RC5 10.9 Oher Block Algorithms 10.10 Theory of Block Cipher Design 10.11 Using One-Way Hash Functions 10.12 Choosing a Block Algorithm

3 Software Security Seminar - 3 SXAL8/MBAL  64-bit block algorithm from Japan  SXAL8 : basic algorithm  MBAL : expanded version with a variable block length

4 Software Security Seminar - 4 RC5  Block cipher with a variety of parameters: block size, key size, and number of rounds  Needed operations : XOR, addition, and rotations  (Assume that the little endian mode) Input block : 64-bit data A|B Key : 2r+2 32-bit words – S 0, S 1, …, S 2r+1 (+, - : mod 2 32  : XOR >>>, <<< : right rotation, left rotation )

5 Software Security Seminar - 5 RC5(conti.) Encryption : A = A + S 0 B = B + S 1 For i = 1 to r : A = ((A  B)<<<B) + S 2i B = ((B  A)<<<A) + S 2i+1 Decryption : For i = r to 1 : B = ((B- S 2i+1 )>>>A)  A A = ((A- S 2i )>>>B)  B A = A + S 0 B = B + S 1

6 Software Security Seminar - 6 Other Block Algorithms  CRYPTO-MECCANO  Rao-Nam algorithm  Li-Wang algorithm  CALC  TEA(Tiny Encryption Algorithm)  MacGuffin  기타 등등 …………………………………….

7 Software Security Seminar - 7 Theory of Block Cipher Design 1. Confusion and Diffusion Confusion : plaintext, key, ciphertext 사이의 관계를 숨기는 것 Diffusion : plaintext 와 key 가 ciphertext 전체에 다 영향을 미 치도록 하는 것

8 Software Security Seminar - 8 Theory of Block Cipher Design(conti.) 예 ) DES 에서 …. Diffusion Confusion

9 Software Security Seminar - 9 Theory of Block Cipher Design(conti.) Confusion ~ Substitution Diffusion ~ Permutation  SPN 구조 = Substitution-Permutation Network 예 ) AES DES : Iterated Block Cipher

10 Software Security Seminar - 10 Theory of Block Cipher Design(conti.) 2. Feistel Networks What is Feistel Network? In DES f LR L’R’  f L’R’ LR  DES, Lucifer, FEAL, Khufu, Khafre, LOKI, GOST, CAST, Blowfish,… f need not be invertible

11 Software Security Seminar - 11 Theory of Block Cipher Design(conti.) 3. Simple Relation Simple Relation : If E K (P)=C then E f(K) (g(P,K))=h(C,K) f, g, h : simple function (simple = easy to compute ) 예 ) In DES : If E K (P)=C and P’, C’, K’ : bit-wise complements fo P, C, K Then E K’ (P’)=C’

12 Software Security Seminar - 12 Theory of Block Cipher Design(conti.) 4. Group Structure E K : member of group Composition : the operation 얼마나 Group Structure 가까우냐 ? Group Structure 에 가까울수록 multiple encryption 은 통계학 적 관점에서 시간 낭비다.

13 Software Security Seminar - 13 Theory of Block Cipher Design(conti.) 4. Weak Keys In a good block cipher, all keys are equally strong 5. Strength against Differential and Linear Cryptoanalysis

14 Software Security Seminar - 14 Theory of Block Cipher Design(conti.) 6. S-Box Design S-Box 가 크면 클수록 좋다. 그러나, memory 문제  Confusion 과 Diffusion 을 반복하여 ….

15 Software Security Seminar - 15 Theory of Block Cipher Design(conti.)  Choose randomly : small random S-Box 보다 large random S-Box 가 좋다.  Choose and test :  Man-made : Intuitive techniques  Math-made : Generate S-boxes according to mathematical principles  security proof against differential and linear cryptoanalysis

16 Software Security Seminar - 16 Using One-Way Hash Functions C i = P i  H(K, C i-1 ) P i = C i  H(K, C i-1 ) The security of this scheme depends on the security of the one-way function

17 Software Security Seminar - 17 Using One-Way Hash Functions(conti.) Karn Plain text : P = P l P r 32-byte block Key : K = K l K r 96-byte key Encryption: C r =P r  H( P l, K l ) C l =P l  H(C r, K r ) C = C l C r Decryption: P l =C l  H(C r, K r ) P r =C r  H(P l, K l ) P = P l P r

18 Software Security Seminar - 18 Using One-Way Hash Functions(conti.) Luby-Rackoff Michael Luby and Charles Rackoff showed that Karn is not secure (1) Key K l K r, Plaintext L 0 R 0 (2) R 1 = R 0  H( K l, L 0 ) (3) L 1 = L 0  H( K r, R 1 ) (4) R 2 = R 1  H( K l, L 1 ) (5) L 1 R 2

19 Software Security Seminar - 19 Using One-Way Hash Functions(conti.) Message Digest Cipher(MDC) Use MD5, SHA CFB mode Hash Function Plaintext  Ciphertext Key

20 Software Security Seminar - 20 Using One-Way Hash Functions(conti.) A good one-way hash function doesn’t necessarily make a secure encryption algorithm Linear cryptoanalysis is not a viable attack against one-way hash functions

21 Software Security Seminar - 21 Choosing a Block Algorithm

22 Software Security Seminar - 22 THE END

Download ppt "Software Security Seminar - 1 Chapter 14. Still Other Block Ciphers 2002. 11. 21. 발표자 : 최두호 Applied Cryptography."

Similar presentations

Conventional Encryption: Algorithms

Conventional Encryption: Algorithms
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)

Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.

 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.
CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.

Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
FEAL FEAL 1.

FEAL FEAL 1.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
ICS 454: Principles of Cryptography

ICS 454: Principles of Cryptography
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Cryptography Block Ciphers and Feistel Functions.

Cryptography Block Ciphers and Feistel Functions.
CSE 651: Introduction to Network Security

CSE 651: Introduction to Network Security

Similar presentations

Ads by Google