of 47

• date post

22-Dec-2015
• Category

## Documents

• view

216

1

Embed Size (px)

### Transcript of Cryptography Funny and serious stuff. The language of cryptography symmetric key crypto: sender,...

• Slide 1
• Cryptography Funny and serious stuff
• Slide 2
• The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret (private) plaintext ciphertext K A encryption algorithm decryption algorithm Alices encryption key Bobs decryption key K B
• Slide 3
• Symmetric key cryptography Substitution cipher: substituting one thing for another- e.g. Caesar cipher substituting every letter of a plaintext by a letter that is K letters later (allowing wrap around). For example if K = 3 than the letter a in plaintext becomes d in ciphertext. Value of K serves as the key. This cipher is pretty easy to break as there are only 25 possible key values.
• Slide 4
• Symmetric key cryptography Improvement over the Caesar cipher is monoalphabetic cipher: substitute one letter for another but without a specific pattern : plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc E.g.: Q: How hard to break this simple cipher?: brute force (how hard?) other?
• Slide 5
• Symmetric key cryptography Polyalphabetic encryption Using multiple monoalphabetic ciphers, with a specific monoalphabetic cipher to encode a letter in a specific position in the plaintext message. For example we may use two Caesar ciphers with k1 =5 and k2=19 in repeating pattern C1, C2, C2, C1, C2 To break such a cipher it is necessary to know the keys and the pattern.
• Slide 6
• Symmetric key cryptography symmetric key crypto: Bob and Alice share (know) same (symmetric) key: K e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Q: how do Bob and Alice agree on key value? plaintext ciphertext K A-B encryption algorithm decryption algorithm A-B K plaintext message, m K (m) A-B K (m) A-B m = K ( ) A-B
• Slide 7
• Symmetric key crypto: DES DES: Data Encryption Standard US encryption standard [NIST 1993] 56-bit symmetric key, 64-bit plaintext input How secure is DES? DES Challenge: 56-bit-key-encrypted phrase (Strong cryptography makes the world a safer place) decrypted (brute force) in 4 months no known backdoor decryption approach making DES more secure: use three keys sequentially (3-DES) on each datum use cipher-block chaining
• Slide 8
• Symmetric key crypto: DES initial permutation 16 identical rounds of function application, each using different 48 bits of key final permutation DES operation
• Slide 9
• Chapter 2 Symmetric Encryption Message Confidentiality
• Slide 10
• Outline Symmetric Encryption Principles Symmetric Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution
• Slide 11
• Symmetric Encryption Principles An encryption scheme has five ingredients: Plaintext Encryption algorithm Secret Key Ciphertext Decryption algorithm Security depends on the secrecy of the key, not the secrecy of the algorithm
• Slide 12
• Symmetric Encryption Principles
• Slide 13
• Cryptography Classified along three independent dimensions: The type of operations used for transforming plaintext to ciphertext The number of keys used symmetric (single key) asymmetric (two-keys, or public-key encryption) The way in which the plaintext is processed
• Slide 14
• Cryptanalysis Ciphertext only: most difficult, brute force approach of trying all possible keys, the easiest to defend, Ciphertext and plaintext pair: known pattern in a file as well, probable-word attack (e.g. placement of certain key words in the header of a file) key can be deduced,
• Slide 15
• Cryptanalysis Chosen plaintext: analyst get the source system to insert into the system a message chosen by the analyst, plaintext message chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key,
• Slide 16
• Cryptanalysis Chosen ciphertext: purported ciphertext chosen by the analyst, together with its corresponding decrypted plaintext generated with the secret key
• Slide 17
• Computational security of an encryption The cost of breaking the cipher exceeds the value of the encrypted information, the time required to break the cipher exceeds the useful lifetime of the information
• Slide 18
• Average time required for exhaustive key search Key Size (bits) Number of Alternative Keys Time required at 10 6 Decryption/s 322 32 = 4.3 x 10 9 2.15 milliseconds 562 56 = 7.2 x 10 16 10 hours 1282 128 = 3.4 x 10 38 5.4 x 10 18 years 1682 168 = 3.7 x 10 50 5.9 x 10 30 years
• Slide 19
• Feistel Cipher Structure Virtually all conventional block encryption algorithms, including DES have a structure first described by Horst Feistel of IBM in 1973 The realization of a Feistel Network depends on the choice of the following parameters and design features (see next slide):
• Slide 20
• Feistel Cipher Structure Block size: larger block sizes mean greater security Key Size: larger key size means greater security Number of rounds: multiple rounds offer increasing security Subkey generation algorithm: greater complexity will lead to greater difficulty of cryptanalysis. Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern
• Slide 21
• Slide 22
• Symmetric Encryption Algorithms Data Encryption Standard (DES) The most widely used encryption scheme The algorithm is referred to as the Data Encryption Algorithm (DEA) DES is a block cipher The plaintext is processed in 64-bit blocks The key is 56-bits in length
• Slide 23
• Slide 24
• Slide 25
• DES The overall processing at each iteration: L i = R i-1 R i = L i-1 F(R i-1, K i ) Concerns about: The algorithm and the key length (56-bits)
• Slide 26
• Time to break a code (10 6 decryptions/s)
• Slide 27
• Triple DEA Uses three keys and three executions of the DES algorithm (encrypt- decrypt-encrypt) C = ciphertext P = Plaintext EK[X] = encryption of X using key K DK[Y] = decryption of Y using key K Effective key length of 168 bits C = E K3 [D K2 [E K1 [P]]]
• Slide 28
• Triple DEA
• Slide 29
• AES: Advanced Encryption Standard new (Nov. 2001) symmetric-key NIST standard, replacing DES processes data in 128 bit blocks 128, 192, or 256 bit keys brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES
• Slide 30
• Origins clear a replacement for DES was needed have theoretical attacks that can break it have demonstrated exhaustive key search attacks can use Triple-DES but slow with small blocks US NIST issued call for ciphers in 1997 15 candidates accepted in Jun 98 5 were short-listed in Aug-99 Rijndael was selected as the AES in Oct-2000 issued as FIPS PUB 197 standard in Nov-2001
• Slide 31
• AES Requirements private key symmetric block cipher 128-bit data, 128/192/256-bit keys stronger & faster than Triple-DES active life of 20-30 years (+ archival use) provide full specification & design details both C & Java implementations NIST have released all submissions & unclassified analyses
• Slide 32
• AES Evaluation Criteria initial criteria: security effort to practically cryptanalyse cost computational algorithm & implementation characteristics final criteria general security software & hardware implementation ease implementation attacks flexibility (in en/decrypt, keying, other factors)
• Slide 33
• AES Shortlist after testing and evaluation, shortlist in Aug-99: MARS (IBM) - complex, fast, high security margin RC6 (USA) - v. simple, v. fast, low security margin Rijndael (Belgium) - clean, fast, good security margin Serpent (Euro) - slow, clean, v. high security margin Twofish (USA) - complex, v. fast, high security margin then subject to further analysis & comment saw contrast between algorithms with few complex rounds verses many simple rounds which refined existing ciphers verses new proposals
• Slide 34
• The AES Cipher - Rijndael designed by Rijmen-Daemen in Belgium has 128/192/256 bit keys, 128 bit data an iterative rather than feistel cipher treats data in 4 groups of 4 bytes operates an entire block in every round designed to be: resistant against known attacks speed and code compactness on many CPUs design simplicity
• Slide 35
• Rijndael processes data as 4 groups of 4 bytes (state) has 9/11/13 rounds in which state undergoes: byte substitution (1 S-box used on every byte) shift rows (permute bytes between groups/columns) mix columns (subs using matrix multiply of groups) add round key (XOR state with key material) initial XOR key material & incomplete last round all operations can be combined into XOR and table lookups - hence very fast & efficient
• Slide 36
• Rijndael
• Slide 37
• Byte Substitution a simple substitution of each byte uses one table of 16x16 bytes containing a permutation of all 256 8-bit values each byte of state is replaced by byte in row (left 4-bits) & column (right 4-bit