Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.
-
Upload
oliver-atkinson -
Category
Documents
-
view
216 -
download
0
Transcript of Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.
![Page 1: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/1.jpg)
Module :MA3036NISymmetric Encryption -4
Lecture Week 5
![Page 2: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/2.jpg)
Question.
Encrypt the Hexadecimal word “CA” using Key 1010011101 using the techniques of S-DES.
![Page 3: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/3.jpg)
3
Overview• Feistel Cipher Structure• Data Encryption Standard(DES)– History– Encryption– Round Structure– Key Schedule– Decryption– Avalanche effect– Strengths
• AES (demo)
![Page 4: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/4.jpg)
4
Feistel Cipher Structure
• Horst Feistel devised the feistel cipher– based on concept of invertible product cipher
• Partitions input block into two halves– process through multiple rounds which– perform a substitution on left data half– based on round function of right half & sub key– then have permutation swapping halves
• Implements Shannon’s substitution-permutation network concept
![Page 5: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/5.jpg)
5
Feistel Cipher Structure
![Page 6: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/6.jpg)
6
Feistel Cipher Design Principles• Block size – increasing size improves security, but slows cipher
• Key size – increasing size improves security, makes exhaustive key
searching harder, but may slow cipher • Number of rounds – increasing number improves security, but slows cipher
• Sub key generation – greater complexity can make analysis harder, but slows cipher
• Round function – greater complexity can make analysis harder, but slows cipher
• Fast software en/decryption & ease of analysis– are more recent concerns for practical use and testing
![Page 7: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/7.jpg)
7
Data Encryption Standard (DES)
• Most widely used block cipher in world • Adopted in 1977 by NBS (National Bureau of
Standards), now NIST (National Institute of Standard and Technology)– as FIPS PUB 46
• Encrypts 64-bit data using 56-bit key• Has widespread use• Has been considerable controversy over its security
![Page 8: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/8.jpg)
8
DES History
• IBM developed Lucifer cipher– by team led by Feistel– used 64-bit data blocks with 128-bit key
• Then redeveloped as a commercial cipher with input from NSA (National Security Agency) and others
• In 1973 NBS issued request for proposals for a national cipher standard
• IBM submitted their revised Lucifer which was eventually accepted as the DES
![Page 9: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/9.jpg)
9
DES Design Controversy
• DES standard is public• However, there was considerable controversy over
design – in choice of 56-bit key (vs. Lucifer 128-bit)– and because S -boxes design criteria were classified (hidden)
• Subsequent events and public analysis show in fact design was appropriate
• DES has become widely used, especially in financial applications
![Page 10: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/10.jpg)
10
DES Encryption
![Page 11: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/11.jpg)
11
Initial Permutation IP
• First step of the data computation • IP reorders the input data bits • Even bits to LH half, odd bits to RH half • Quite regular in structure
![Page 12: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/12.jpg)
12
DES Round Structure
• Uses two 32-bit L & R halves• As for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1 xor F(Ri–1, Ki)• Takes 32-bit R half and 48-bit sub key and:– expands R to 48-bits using perm E– adds to sub key– passes through 8 S-boxes to get 32-bit result– finally permutes this using 32-bit perm P
![Page 13: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/13.jpg)
13
DES Round Structure (cont)
![Page 14: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/14.jpg)
14
Substitution Boxes S
• Have 8 S-boxes which map 6 to 4 bits • Each S-box is actually 4 little 4 bit boxes – outer bits 1 & 6 (row bits) select one rows – inner bits 2-5 (column bits) are substituted – result is 8 lots of 4 bits, or 32 bits
• Row selection depends on both data & key– feature known as autoclaving (auto keying)
![Page 15: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/15.jpg)
15
DES Key Schedule
• Forms sub keys used in each round• Consists of:– initial permutation of the key (PC1) which selects 56-bits in
two 28-bit halves – 16 stages consisting of:
• selecting 24-bits from each half • permuting them by PC2 for use in function f, • rotating each half separately either 1 or 2 places depending on the
key rotation schedule K
![Page 16: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/16.jpg)
16
DES Decryption
• Decrypt must unwind steps of data computation • With Feistel design, do encryption steps again • Using sub keys in reverse order (SK16 … SK1)• Note that IP undoes final FP step of encryption • 1st round with SK16 undoes 16th encrypt round• ….• 16th round with SK1 undoes 1st encrypt round • Then final FP undoes initial encryption IP • Thus recovering original data value
![Page 17: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/17.jpg)
17
Avalanche Effect
• Where a change of one input or key bit results in changing approx half output bits
• DES exhibits strong avalanche
![Page 18: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/18.jpg)
18
Strength of DES – Key Size
• 56-bit keys have 256 = 7.2 x 1016 values• Brute force search looks hard• Recent advances have shown is possible– in 1997 on Internet in a few months – in 1998 on dedicated h/w in a few days – in 1999 above combined in 22hrs
• Still must be able to recognize plaintext• Now considering alternatives to DES
![Page 19: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/19.jpg)
19
Strength of DES – Timing Attacks
• A timing attack is one in which information about the key or plaintext is obtained by observing how long it takes a given implementation to perform decryptions on various cipher texts.
• Its so far unlikely that this technique will ever be successful against DES .
![Page 20: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/20.jpg)
20
Strength of DES – Analytic Attacks
• Now have several analytic attacks on DES• These utilise some deep structure of the cipher – by gathering information about encryptions – can eventually recover some/all of the sub-key bits – if necessary then exhaustively search for the rest
• Generally these are statistical attacks• Include– differential cryptanalysis – linear cryptanalysis – related key attacks
![Page 21: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/21.jpg)
21
Advanced Encryption Standard
"It is very simple. But if you don't know what the key is it's virtually indecipherable."
—Ruth Rendell
![Page 22: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/22.jpg)
22
Origins
• Clear a replacement for DES was needed– have theoretical attacks that can break it– have demonstrated exhaustive key search attacks
• Can use Triple-DES – but slow with small blocks• US NIST issued call for ciphers in 1997• 15 candidates accepted in Jun 98 • 5 were shortlisted in Aug-99 • Rijndael was selected as the AES in Oct-2000• Issued as standard in Nov-2001
![Page 23: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/23.jpg)
23
AES Requirements
• Private key symmetric block cipher
• 128-bit data, 128/192/256-bit keys
• Stronger & faster than Triple-DES
![Page 24: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/24.jpg)
24
The AES Cipher - Rijndael
• Designed by Rijmen-Daemen in Belgium • Has 128/192/256 bit keys, 128 bit data • An iterative rather than feistel cipher– treats data in 4 groups of 4 bytes– operates an entire block in every round
• Designed to be:– resistant against known attacks– speed and code compactness on many CPUs– design simplicity
![Page 25: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/25.jpg)
25
Rijndael AES Cipher
• Processes data as 4 groups of 4 bytes (state)• Has 9/11/13 rounds in which state undergoes: – byte substitution (1 S-box used on every byte) – shift rows (permute bytes between groups/columns) – mix columns (subs using matrix multiply of groups) – add round key (XOR state with key material)
• Initial XOR key material & incomplete last round• All operations can be combined into XOR and table
lookups - hence very fast & efficient
![Page 26: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/26.jpg)
26
Demo• http://www.cs.bc.edu/~
straubin/cs381-05/blockciphers/rijndael_ingles2004.swf
![Page 27: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/27.jpg)
27
Relationship between S-DES and DES• DES operates on 64-bit of input
• A 56-bit key is used, from which 16 48-bit sub keys are calculated
• There is IP of 56 bits, followed by a sequence of shifts and permutations of 48 bits
![Page 28: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/28.jpg)
28
Relationship between S-DES and DES (cont)• Encryption Algorithm– Mapping F acts on 32 bits (n1 n2 …n32)– After the Expansion/Permutation, the output of 48
bits is
![Page 29: Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.](https://reader034.fdocuments.us/reader034/viewer/2022051417/5697bfc91a28abf838ca8bb4/html5/thumbnails/29.jpg)
29
Relationship between S-DES and DES (cont)
• Encryption Algorithm (cont...)– This matrix is added (XOR) to a 48-bit sub key– There are 8 rows corresponding to 8 S-boxes– Each S-box has 4 rows and 16 columns– The 1st and last bit of a row of the preceding
matrix pick out a row of an S-box– The middle 4 bits pick out a column