Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pseudo-Random Functions 1/22 Encryption as Permutation Assume cryptosystem correct and P = C If x  x’ then E K (x)  E K (x’) So, no y is hit by more.

Published byDerick McKinney Modified over 9 years ago

Similar presentations

Presentation on theme: "Pseudo-Random Functions 1/22 Encryption as Permutation Assume cryptosystem correct and P = C If x  x’ then E K (x)  E K (x’) So, no y is hit by more."— Presentation transcript:

1 Pseudo-Random Functions 1/22 Encryption as Permutation Assume cryptosystem correct and P = C If x  x’ then E K (x)  E K (x’) So, no y is hit by more than one x Therefore all y are hit by some x E K is a permutation of plaintext space P There are |P|! such permutations 000001010011100101110111 000001010011100101110111

2 Pseudo-Random Functions 2/22 Encryption as Permutation On the other hand, any permutation of P can be used to encrypt –Decryption consists of following the arrows in the backwards direction Symmetric encryption can be seen as just permuting the set of possible messages –The applied permutation is the key 000001010011100101110111 000001010011100101110111

3 Pseudo-Random Functions 3/22 The more permutations are used for encryption, the less Oscar knows about which permutation is used Why not just use the set of all permutations as the key space? To encrypt L-bit strings there are 2 L plaintexts and thus 2 L ! permutations Takes b = log 2 (2 L !) ~ L·2 L bits to write down one of the permutations (log(n!) ~ n log(n)) 000001010011100101110111 000001010011100101110111 Encryption as Permutation

4 Pseudo-Random Functions 4/22 Encryption as Permutation LKey LengthComparison 1010,000 2020,000,000 3030,000,000,000 A long movie 404*10 13 100 DVDs 5010 17 1000,000 DVDs 6410 21 10,000,000,000 DVDs 12810 41 Atoms in the atmosphere 25610 79 Atoms in the universe 51210 157 Atoms in 10 78 universes 102410 311 ???

5 Pseudo-Random Functions 5/22 Encryption as Permutation For all practical cryptosystems the set of encryption functions consists of a relatively very small subset of the possible permutations of the plaintext space

6 Pseudo-Random Functions 6/22 Shift Cipher P = K = Z 26 = {0,1,…,25} Encryption: E K (x) = x + K mod 26 Decryption: D K (y) = y - K mod 26 Correctness: follows from the rule: (a + b mod N) + c mod N = a + (b + c mod N) mod N Illustrated for K=3 (and11 instead of 26): 012348910 01234567 567 89 3

7 Pseudo-Random Functions 7/22 Shift Cipher Can of course be seen as encryption of the English alphabet: abcdexyz ABCDEFGH w Z 3 abcdexyz DEFGHZ w ABC 3 … … … …

8 Pseudo-Random Functions 8/22 Electronic Codebook To encrypt a text, encrypt one letter at a time Known as electronic codebook (ECB) Not a very secure mode! wheela rr ZKHHOE b D UU ow RZ 3

9 Pseudo-Random Functions 9/22 Exhaustive Search The shift cipher has too few keys and can therefore be broken by trying them all: ZKHHOD UU yjggnd E c ct RZ qy 1 ZKHHOD UU xiffmc E b ss RZ qx 2 ZKHHOD UU wheelb E a rr RZ ow 3

10 Pseudo-Random Functions 10/22 Exhaustive Search The set of encryption functions should not be a too small subset of all permutations of the plaintext space Currently 2 64 simple computational operations are considered infeasible to perform, so a key of 64 bits should be enough to protect against exhaustive search There are other reasons to have longer keys though!

11 Pseudo-Random Functions 11/22 Substitution Cipher P = Z 26 = {0,1,…,25} K = set of permutations  of Z 26 Encryption: E  (x) =  (x) Decryption: D  (y) =  -1 (x) Example key: (Z,G,A,O,N,…,C,X,I,Q) –(with letters instead of numbers) There are > 2 88 keys, so exhaustive search is impossible today –But can be broken using statistical analysis abcdexyz ZGAONC w XIQ … …

12 Pseudo-Random Functions 12/22 Transposition P = ( Z 26 ) m = {0,1,…,25} m K = set of permutations  of {1,…,m} K =  x=(x 1,…,x m ) y=(y 1,…,y m ) Encryption: E  (x) = (x  (1),…,x  (m) ) Decryption: E  (x) = (x  (1),…,x  (m) ) –Where  =  -1 Number of keys: m! –Soon too large to fall pray to exhaustive search –But can easily be broken using other methods

13 Pseudo-Random Functions 13/22 Transposition Example wheela rr LEE b A B ow HWO RRG 1 3 1 3 5 5 2 2 4 4 K

14 Pseudo-Random Functions 14/22 Friedman We encode a black and white photo as a bit-string by encoding black as 1 and white as 0 We encrypt the bit- string with ECB mode and turn the resulting bit-string into a black and white image using the reverse encoding Friedman:

15 Pseudo-Random Functions 15/22 Substitution Example Substitution of 4-bit blocks #keys = 2 4 ! 45-bit keys –log 2 (2 4 !) ~ 45 0110001101101101 1101100011010010 sub

16 Pseudo-Random Functions 16/22 Transposition Example Transposition of 16- bit blocks #keys = 16! 45-bit keys –log 2 (16!) ~ 45 1111101101111101 1101111110110111

17 Pseudo-Random Functions 17/22 Composition and Iteration Neither substitution of small blocks nor transposition is secure in itself A few rounds of substitution followed by transposition, however, turns out to do a good job –Substitution ensures that changing just one bit in the input makes four bits in output flip at random –Transposition spreads the changes –Iterations creates an avalanche effect The result is that each different 16-bit block is replaced by a completely random looking 16-bit block Idea behind modern symmetric cryptosystems –More about that when we look at AES

18 Pseudo-Random Functions 18/22 Compose+Iterate Example After 5 rounds: sub ???? 1101111110110111???? ???????????? 1101111110110111???????????? 1101111110110111? ????????????????

19 Pseudo-Random Functions 19/22 Compose+Iterate Example 45+45=90-bit keys –Withstands exhaustive search The result is a surprisingly good encryption of 16-bit blocks The remaining pattern is due to our use of ECB –Can be fixed by using CBC After 5 rounds:

20 Pseudo-Random Functions 20/22 Compose+Iterate Example 45+45=90-bit keys –Withstands exhaustive search The result is a surprisingly good encryption of 16-bit blocks The remaining pattern is due to our use of ECB –Can be fixed by using CBC 5 rounds + CBC

21 Pseudo-Random Functions 21/22 Pseudo-Random Functions The ideal block cipher would have all possible permutations as key The output of such a block cipher would be completely random –Actually F(1)=42 excludes that F(2)=42, but except for that there would be no structure This inspires the definition of a pseudo- random function (PRF) An encryption function F K is said to be a PRF if one cannot distinguish the outputs F K (x) from uniformly random outputs when K is random and one does not know K

22 Pseudo-Random Functions 22/22 Pseudo-Random Functions F {0,1} k :{0,1} L  {0,1} l is called a (t,  )-PRF if the following two interactive algorithms are (t,  )-IND Algorithm A: –Sample a uniformly random key K from {0,1} k –On each input x in {0,1} L return F K (x) Algorithm B: –For each x in {0,1} L sample a uniformly random y in {0,1} l and store it in a table T, i.e., let T[x]  y –On each input x return y=T[x]

Download ppt "Pseudo-Random Functions 1/22 Encryption as Permutation Assume cryptosystem correct and P = C If x  x’ then E K (x)  E K (x’) So, no y is hit by more."

Similar presentations

CLASSICAL ENCRYPTION TECHNIQUES

CLASSICAL ENCRYPTION TECHNIQUES
Relations, Functions, and Matrices Mathematical Structures for Computer Science Chapter 4 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesThe Mighty Mod.

Relations, Functions, and Matrices Mathematical Structures for Computer Science Chapter 4 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesThe Mighty Mod.
DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.

Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.
The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.

The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.
From Crypto-Theory to Crypto-Practice 1 CHAPTER 14: From Crypto-Theory to Crypto-Practice SHIFT REGISTERS The first practical approach to ONE-TIME PAD.

From Crypto-Theory to Crypto-Practice 1 CHAPTER 14: From Crypto-Theory to Crypto-Practice SHIFT REGISTERS The first practical approach to ONE-TIME PAD.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Cryptography Course 2008 Lecture 4 Jesper Buus Nielsen Modern Block Ciphers 1/43 Contents Encryption modes –Cipher-Block Chaining (CBC) Mode –Counter mode.

Cryptography Course 2008 Lecture 4 Jesper Buus Nielsen Modern Block Ciphers 1/43 Contents Encryption modes –Cipher-Block Chaining (CBC) Mode –Counter mode.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
Foundations of Network and Computer Security J J ohn Black Lecture #3 Aug 28 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #3 Aug 28 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …

Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
CS 682 - Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

Similar presentations

Ads by Google