SYMMETRIC CIPHERS

2

Contents

1. Classical encryption techniques2. Block ciphers and the data encryption standard3. Basic concepts in number theory and finite fields4. Advanced encryption standard5. Block cipher operation6. Pseudorandom number generation and stream ciphers

3

1. CLASSICAL ENCRYPTION TECHNIQUES

Symmetric Cipher Model Substitution Techniques Transposition Techniques Rotor Machines Steganography

4

KEY POINTS

Symmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the same key. It is also known as conventional encryption.

Symmetric encryption transforms plaintext into ciphertext using a secret key and an encryption algorithm. Using the same key and a decryption algorithm, the plaintext is recovered from the ciphertext.

The two types of attack on an encryption algorithm are cryptanalysis, based on properties of the encryption algorithm, and brute-force, which involves trying all possible keys.

5

KEY POINTS (cont.)

Traditional (precomputer) symmetric ciphers use substitution and/or transposition techniques. Substitution techniques map plaintext elements (characters, bits) into ciphertext elements. Transposition techniques systematically transpose the positions of plaintext elements.

Rotor machines are sophisticated precomputer hardware devices that use substitution techniques.

Steganography is a technique for hiding a secret message within a larger one in such a way that others cannot discern the presence or contents of the hidden message.

6

SYMMETRIC CIPHER MODEL

7

Plaintext: This is the original intelligible message or data that is fed into the algorithm as input

Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.

Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm

Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key.

Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

8

9

Cryptography

Cryptographic systems are characterized along three independent dimensions:

1. The type of operations used for transforming plaintext to ciphertext. (substitution, transposition).

2. The number of keys used (symmetric, public-key encryption)

3. The way in which the plaintext is processed (block cipher, stream cipher)

10

Cryptanalysis and Brute-Force Attack

Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext–ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

Brute-force attack: The attacker tries every possible key on a piece of cipher-text until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

11

Types of Attacks on Encrypted Messages

12

A brute-force attack involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

13

SUBSTITUTION TECHNIQUES

A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols.1 If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.

Caesar Cipher For example, plain: meet me after the toga party cipher: PHHW PH DIWHU WKH WRJD SDUWB

14

15

Monoalphabetic Ciphers Playfair Cipher Hill Cipher Polyalphabetic Ciphers

16

17

One-Time Pad

An Army Signal Corp officer, Joseph Mauborgne, proposed an improvement to the Vernam cipher that yields the ultimate in security. Mauborgne suggested using a random key that is as long as the message, so that the key need not be repeated. In addition, the key is to be used to encrypt and decrypt a single message, and then is discarded. Each new message requires a new key of the same length as the new message. Such a scheme, known as a one-time pad, is unbreakable. It produces random output that bears no statistical relationship to the plaintext. Because the ciphertext contains no information whatsoever about the plaintext, there is simply no way to break the code.

18

TRANSPOSITION TECHNIQUES

The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows. For example, to encipher the message “meet me after the toga party” with a rail fence of depth 2, we write the following:

m e m a t r h t g p r y e t e f e t e o a a t The encrypted message is

MEMATRHTGPRYETEFETEOAAT

19

ROTOR MACHINESex. Three-Rotor Machine with Wiring Represented by Numbered Contacts

20

STEGANOGRAPHY

A plaintext message may be hidden in one of two ways. The methods of steganography conceal the existence of the message, whereas the methods of cryptography render the message unintelligible to outsiders by various transformations of the text.

Character marking: Selected letters of printed or typewritten text are over-written in pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright light.

Invisible ink: A number of substances can be used for writing but leave no visible trace until heat or some chemical is applied to the paper.

21

Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the paper is held up in front of a light.

Typewriter correction ribbon: Used between lines typed with a black ribbon, the results of typing with the correction tape are visible only under a strong light.

The advantage of steganography is that it can be employed by parties who have something to lose should the fact of their secret communication (not necessarily the content) be discovered. Encryption flags traffic as important or secret or may identify the sender or receiver as someone with something to hide.

22

2. BLOCK CIPHERS AND THE DATAENCRYPTION STANDARD

Block Cipher Principles The Data Encryption Standard

23

KEY POINTS

A block cipher is an encryption/decryption scheme in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.

Many block ciphers have a Feistel structure. Such a structure consists of a number of identical rounds of processing. In each round, a substitution is performed on one half of the data being processed, followed by a permutation that interchanges the two halves. The original key is expanded so that a different key is used for each round.

24

KEY POINTS (cont.)

The Data Encryption Standard (DES) has been the most widely used encryption algorithm until recently. It exhibits the classic Feistel structure. DES uses a 64-bit block and a 56-bit key.

Two important methods of cryptanalysis are differential cryptanalysis and linear cryptanalysis. DES has been shown to be highly resistant to these two types of attack.

25

BLOCK CIPHER PRINCIPLES

Stream Ciphers and Block Ciphers A stream cipher is one that encrypts a digital data stream

one bit or one byte at a time. A block cipher is one in which a block of plaintext is

treated as a whole and used to produce a ciphertext block of equal length. Typically, a block size of 64 or 128 bits is used.

26

Stream Cipher and Block Cipher

27

THE DATA ENCRYPTION STANDARD

In the late 1960s, IBM set up a research project in computer cryptography led by Horst Feistel. The project concluded in 1971 with the development of an algorithm with the designation LUCIFER [FEIS73], which was sold to Lloyd’s of London for use in a cash-dispensing system, also developed by IBM.

In 1973, the National Bureau of Standards (NBS) issued a request for proposals for a national cipher standard. IBM submitted the results of its Tuchman–Meyer project. This was by far the best algorithm proposed and was adopted in 1977 as the Data Encryption Standard.

28

DES Encryption

As with any encryption scheme, there are two inputs to the encryption function: the plaintext to be encrypted and the key. In this case, the plaintext must be 64 bits in length and the key is 56 bits in length (Actually, the function expects a 64-bit key as input. However, only 56 of these bits are ever used; the other 8 bits can be used as parity bits or simply set arbitrarily).

29

General Depiction of DES Encryption Algorithm

30

Single Round of DES Algorithm

31

Calculation of F(R, K)

32

3. BASIC CONCEPTS IN NUMBER THEORYAND FINITE FIELDS

Divisibility and The Division Algorithm The Euclidean Algorithm Modular Arithmetic Groups, Rings, and Fields Finite Fields of the Form GF(p) Polynomial Arithmetic Finite Fields of the Form GF(2^n)

33

KEY POINTS

Modular arithmetic is a kind of integer arithmetic that reduces all numbers to one of a fixed set [0,...,n-1] for some number n. Any integer outside this range is reduced to one in this range by taking the remainder after division by n.

The greatest common divisor of two integers is the largest positive integer that exactly divides both integers.

A field is a set of elements on which two arithmetic operations (addition and multiplication) have been defined and which has the properties of ordinary arithmetic, such as closure, associativity, commutativity, distributivity, and having both additive and multiplicative inverses.

34

KEY POINTS (cont.)

Finite fields are important in several areas of cryptography. A finite field is simply a field with a finite number of elements. It can be shown that the order of a finite field (number of elements in the field) must be a power of a prime p^n, where n is a positive integer.

Finite fields of order p can be defined using arithmetic mod p.

Finite fields of order p^n, for n>1, can be defined using arithmetic over polynomials.

35

DIVISIBILITY AND THE DIVISION ALGORITHM

36

37

THE EUCLIDEAN ALGORITHM

Definition: Two integers are relatively primeif their only common positive integer factor is 1.

Finding the Greatest Common Divisor

38

MODULAR ARITHMETIC

Properties of Congruences

39

Euclidean Algorithm Revisited

40

Groups

41

Rings

42

Rings (cont.)

43

Fields

44

Summarizes the axioms that define groups, rings, and fields.

45

FINITE FIELDS OF THE FORM GF(p)

46

Ex. Arithmetic in GF(7)

47

POLYNOMIAL ARITHMETIC

48

Euclidean Algorithm for Polynomials

49

4. ADVANCED ENCRYPTION STANDARD

Finite Field Arithmetic AES Structure AES Transformation Functions AES Key Expansion An AES Example AES Implementation

50

KEY POINTS

AES is a block cipher intended to replace DES for commercial applica-tions. It uses a 128-bit block size and a key size of 128, 192, or 256 bits.

AES does not use a Feistel structure. Instead, each full round consists of four separate functions: byte substitution, permutation, arithmetic opera-tions over a finite field, and XOR with a key.

51

AES STRUCTURE

52

AES Encryption and Decryption

53

5. BLOCK CIPHER OPERATION

Multiple Encryption and Triple DES Electronic Code Book Cipher Block Chaining Mode Cipher Feedback Mode Output Feedback Mode Counter Mode XTS-AES Mode for Block-Oriented Storage Devices

54

KEY POINTS

Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption algorithm. This ciphertext is then used as input and the algorithm is applied again. This process may be repeated through any number of stages.

Triple DES makes use of three stages of the DES algorithm, using a total of two or three distinct keys.

A mode of operation is a technique for enhancing the effect of a crypto-graphic algorithm or adapting the algorithm for an application, such as applying a block cipher to a sequence of data blocks or a data stream.

55

KEY POINTS (cont.)

Five modes of operation have been standardized by NIST for use with symmetric block ciphers such as DES and AES: electronic codebook mode, cipher block chaining mode, cipher feedback mode, output feed-back mode, and counter mode.

Another important mode, XTS-AES, has been standardized by the IEEE Security in Storage Working Group (P1619). The standard describes a method of encryption for data stored in sector-based devices where the threat model includes possible access to stored data by the adversary.

56

MULTIPLE ENCRYPTION AND TRIPLE DES

57

Triple DES with Two Keys Triple DES with Three Keys: A number of Internet-based applications have adopted three-key 3DES, including PGP and S/MIME

58

ELECTRONIC CODE BOOK

59

Block Cipher Modes of Operation

60

CIPHER BLOCK CHAINING MODE

61

CIPHER FEEDBACK MODE

62

63

OUTPUT FEEDBACK MODE

64

65

COUNTER MODE

66

67

68

6. PSEUDORANDOM NUMBERGENERATION ANDSTREAMCIPHERS

Principles of Pseudorandom Number Generation Pseudorandom Number Generators Pseudorandom Number Generation Using a Block Cipher Stream Ciphers RC4 True Random Number Generators

69

KEY POINTS

A capability with application to a number of cryptographic functions is random or pseudorandom number generation. The principle requirement for this capability is that the generated number stream be unpredictable.

A stream cipher is a symmetric encryption algorithm in which ciphertext output is produced bit-by-bit or byte-by-byte from a stream of plaintext input. The most widely used such cipher is RC4.

70

RANDOMNESS

Traditionally, the concern in the generation of a sequence of allegedly random numbers has been that the sequence of numbers be random in some well-defined statistical sense. The following two criteria are used to validate that a sequence of numbers is random:

Uniform distribution:The distribution of bits in the sequence should be uniform; that is, the frequency of occurrence of ones and zeros should be approximately equal.

Independence:No one subsequence in the sequence can be inferred from the others.

71

Random and Pseudorandom Number Generators

72

STREAM CIPHERS

73

RC4 (Ron Rivest, 1987)

RC4 is used in the Secure Sockets Layer/Transport Layer Security (SSL/TLS) standards that have been defined for communication between Web browsers and servers. It is also used in the Wired Equivalent Privacy (WEP) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard. RC4 was kept as a trade secret by RSA Security.