SymmetricEncryption

Published by: Saniya Khanna on Mar 28, 2011
Copyright:Attribution Non-commercial


Sections

  • Symmetric Encryption
  • Algorithms
  • Symmetric Cipher Model
  • Modern Block Ciphers
  • Block Cipher Principles
  • Confusion and Diffusion
  • Feistel Cipher Structure
  • Feistel Cipher Design Principles
  • Feistel Cipher Decryption
  • DES History
  • DES Design Controversy
  • DES Encryption
  • Initial Permutation IP
  • Substitution Boxes S
  • DES Key Schedule
  • DES Decryption
  • Avalanche Effect
  • Strength of DES - Key Size
  • 3DES
  • Advanced Encryption Standard
  • International Data Encryption Standard (IDEA)
  • Blowfish
  • RC5
  • Modes of Operation
  • Summary

Symmetric Encryption Algorithms
CS-480b
Dick Steflik
Text: Network Security Essentials, Wm. Stallings
Lecture slides by Lawrie Brown, edited by Dick Steflik
Symmetric Cipher Model
· Plaintext
· Encryption Algorithm
· Secret Key (known to sender and receiver)
· Ciphertext
· Decryption Algorithm
[Figure: Plaintext Message -> Encryption Algorithm (Secret Key) -> Transmitted Ciphertext -> Decryption Algorithm (Secret Key) -> Plaintext Message]
Modern Block Ciphers
· Block ciphers are among the most widely used types of cryptographic algorithms
· provide secrecy and/or authentication services
· in particular will introduce DES (Data Encryption Standard)
Block Cipher Principles
· most symmetric block ciphers are based on a Feistel Cipher Structure
· needed since must be able to decrypt ciphertext to recover messages efficiently
· block ciphers look like an extremely large substitution
· would need table of $2^{64}$ entries for a 64-bit block
· instead create from smaller building blocks
· using idea of a product cipher
Claude Shannon and Substitution-Permutation Ciphers
· in 1949 Claude Shannon introduced idea of substitution-permutation (S-P) networks
· modern substitution-transposition product cipher
· these form the basis of modern block ciphers
· S-P networks are based on the two primitive cryptographic operations we have seen before:
· substitution (S-box)
· permutation (P-box)
· provide confusion and diffusion of message
Confusion and Diffusion
· cipher needs to completely obscure statistical properties of original message
· a one-time pad does this
· more practically Shannon suggested combining elements to obtain:
· diffusion dissipates statistical structure of plaintext over bulk of ciphertext
· confusion makes relationship between ciphertext and key as complex as possible
Feistel Cipher Structure
· Horst Feistel devised the Feistel cipher
· based on concept of invertible product cipher
· partitions input block into two halves
· process through multiple rounds which
· perform a substitution on left data half
· based on round function of right half & subkey
· then have permutation swapping halves
· implements Shannon's substitution-permutation network concept
Feistel Cipher Structure
Feistel Cipher Design Principles
· block size
· increasing size improves security, but slows cipher
· key size
· increasing size improves security, makes exhaustive key searching harder, but may slow cipher
· number of rounds
· increasing number improves security, but slows cipher
· subkey generation
· greater complexity can make analysis harder, but slows cipher
· round function
· greater complexity can make analysis harder, but slows cipher
· fast software en/decryption & ease of analysis
· are more recent concerns for practical use and testing
Feistel Cipher Decryption
Data Encryption Standard (DES)
· most widely used block cipher in world
· adopted in 1977 by NBS (now NIST)
· as FIPS PUB 46
· encrypts 64-bit data using 56-bit key
· has widespread use
· has been considerable controversy over its security
DES History
· IBM developed Lucifer cipher
· by team led by Feistel
· used 64-bit data blocks with 128-bit key
· then redeveloped as a commercial cipher with input from NSA and others
· in 1973 NBS issued request for proposals for a national cipher standard
· IBM submitted their revised Lucifer which was eventually accepted as the DES
DES Design Controversy
· although DES standard is public there was considerable controversy over design
· in choice of 56-bit key (vs Lucifer 128-bit)
· and because design criteria were classified
· subsequent events and public analysis show in fact design was appropriate
· DES has become widely used, especially in financial applications
DES Encryption
Initial Permutation IP
· first step of the data computation
· IP reorders the input data bits
· even bits to LH half, odd bits to RH half
· quite regular in structure (easy in h/w)
· example:
IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)
DES Round Structure
· uses two 32-bit L & R halves
· as for any Feistel cipher can describe as:
$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
· takes 32-bit R half and 48-bit subkey and:
· expands R to 48-bits using perm E
· adds to subkey
· passes through 8 S-boxes to get 32-bit result
· finally permutes this using 32-bit perm P
DES Round Structure
Substitution Boxes S
· have eight S-boxes which map 6 to 4 bits
· each S-box is actually 4 little 4 bit boxes
· outer bits 1 & 6 (row bits) select one row
· inner bits 2-5 (col bits) are substituted
· result is 8 lots of 4 bits, or 32 bits
· row selection depends on both data & key
· feature known as autoclaving (autokeying)
· example:
S(18 09 12 3d 11 17 38 39) = 5fd25e03
DES Key Schedule
· forms subkeys used in each round
· consists of:
· initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves
· 16 stages consisting of:
· selecting 24-bits from each half
· permuting them by PC2 for use in function f,
· rotating each half separately either 1 or 2 places depending on the key rotation schedule K
DES Decryption
· decrypt must unwind steps of data computation
· with Feistel design, do encryption steps again
· using subkeys in reverse order (SK16 … SK1)
· note that IP undoes final FP step of encryption
· 1st round with SK16 undoes 16th encrypt round
· …
· 16th round with SK1 undoes 1st encrypt round
· then final FP undoes initial encryption IP
· thus recovering original data value
Avalanche Effect
· key desirable property of an encryption algorithm
· where a change of one input or key bit results in changing approx half output bits
· making attempts to "home-in" by guessing keys impossible
· DES exhibits strong avalanche
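The Feistel round equations, the reverse-subkey decryption and the avalanche property described above, as an added example that is not part of the original slides: a toy 64-bit Feistel network. The SHA-256-based round function and key schedule are assumptions chosen for brevity, not DES's E/S-box/P function or its PC1/PC2 schedule, and the key and plaintext are constructed sample values.

```python
import hashlib

HALF = 32                      # bits per half; 64-bit block as in DES
MASK = (1 << HALF) - 1

def subkeys(key: bytes, rounds: int = 16) -> list:
    # Constructed key schedule (assumption, not DES PC1/PC2): one 32-bit subkey per round.
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(rounds)]

def round_f(right: int, subkey: int) -> int:
    # F(R, K): a truncated hash, deliberately NOT invertible. The Feistel
    # structure only ever evaluates F forwards, even when decrypting.
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block: int, keys: list) -> int:
    left, right = block >> HALF, block & MASK
    for k in keys:
        # L_i = R_{i-1};  R_i = L_{i-1} xor F(R_{i-1}, K_i)
        left, right = right, left ^ round_f(right, k)
    # Undo the last swap so the same routine also decrypts.
    return (right << HALF) | left

def encrypt(block: int, key: bytes, rounds: int = 16) -> int:
    return feistel(block, subkeys(key, rounds))

def decrypt(block: int, key: bytes, rounds: int = 16) -> int:
    # Same steps again, subkeys in reverse order (SK16 ... SK1).
    return feistel(block, subkeys(key, rounds)[::-1])

def avalanche(block: int, key: bytes, rounds: int = 16) -> float:
    # Mean number of ciphertext bits (out of 64) that change when a single
    # plaintext bit is flipped, averaged over all 64 bit positions.
    base = encrypt(block, key, rounds)
    changed = [bin(base ^ encrypt(block ^ (1 << bit), key, rounds)).count("1")
               for bit in range(2 * HALF)]
    return sum(changed) / len(changed)

# Constructed sample values.
KEY = b"constructed demo key"
PT = 0x0123456789ABCDEF

if __name__ == "__main__":
    ct = encrypt(PT, KEY)
    print(f"ciphertext        {ct:016x}")
    print(f"decrypts to       {decrypt(ct, KEY):016x}")
    print(f"avalanche, 16 rds {avalanche(PT, KEY):.1f} bits")
    print(f"avalanche,  1 rd  {avalanche(PT, KEY, 1):.1f} bits")
```

With a single round, a flipped bit in the left half changes exactly one output bit, which is why the number of rounds appears among the Feistel design principles.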
Strength of DES - Key Size
· 56-bit keys have $2^{56} = 7.2 \times 10^{16}$ values
· brute force search looks hard
· recent advances have shown is possible
· in 1997 on Internet in a few months
· in 1998 on dedicated h/w (EFF) in a few days
· in 1999 above combined in 22hrs!
· still must be able to recognize plaintext
· now considering alternatives to DES
Strength of DES - Timing Attacks
· attacks actual implementation of cipher
· use knowledge of consequences of implementation to derive knowledge of some/all subkey bits
· specifically use fact that calculations can take varying times depending on the value of the inputs to it
· particularly problematic on smartcards
Strength of DES - Analytic Attacks
· now have several analytic attacks on DES
· these utilize some deep structure of the cipher
· by gathering information about encryptions
· can eventually recover some/all of the sub-key bits
· if necessary then exhaustively search for the rest
· generally these are statistical attacks
· include
· differential cryptanalysis
· linear cryptanalysis
· related key attacks
3DES
· Made part of DES in 1999
· Uses 3 keys and 3 DES executions
· using 3 keys 3DES has an effective key length of 168 bits (3*56)
· follows encrypt-decrypt-encrypt (EDE)
· the decryption phase is for backwards compatibility with single DES
· FIPS algorithm of choice
· Govt. organizations using DES are encouraged to convert to 3DES
· 3DES and AES will exist simultaneously allowing a gradual migration to AES
Advanced Encryption Standard
· Proposed successor to DES
· DES drawbacks
· algorithm designed for 1970s hardware implementation
· performs sluggishly in software implementations
· 3DES is 3 times slower due to 3 rounds
· 64 bit blocksize needs to be increased to speed things up
· AES Overview
· 128, 192, 256 bit blocksize (128 bit likely to be most common)
· Not a Feistel structure, process entire block in parallel
· 128 bit key, expanded into 44 32-bit words with 4 words used for each round
International Data Encryption Standard (IDEA)
· Developed in Switzerland 1991
· 128 bit key, 64 bit blocksize, 8 rounds
· algorithm is quite different than DES,
· doesn't use S-boxes
· uses binary addition rather than exclusive-or
· used in Pretty Good Privacy (PGP)
Blowfish
· 1993 Bruce Schneier
· Popular alternative to DES
· Variable length keys - 128 bits but up to 448 bits
· up to 16 rounds
· 64 bit blocksize
· used in many commercial software packages
RC5
· 1994 Ron Rivest
· one of inventors of RSA public key algorithm
· RFC 2040
· good for either hard/software implementations
· fast
· adaptable to processors of different word sizes
· variable length keys, variable number of rounds
· low memory requirements
· intended for high security applications
· included in a number of RSA Data Securities products
Modes of Operation
· block ciphers encrypt fixed size blocks
· eg. DES encrypts 64-bit blocks, with 56-bit key
· need way to use in practise, given you usually have arbitrary amount of information to encrypt
· four were defined for DES in ANSI standard ANSI X3.106-1983 Modes of Use
· subsequently now have 5 for DES and AES
· have block and stream modes
Electronic Codebook (ECB)
· message is broken into independent blocks which are encrypted
· each block is a value which is substituted, like a codebook, hence name
· each block is encoded independently of the other blocks
$C_i = \mathrm{DES}_{K1}(P_i)$
· uses: secure transmission of single values
Electronic Codebook (ECB)
Advantages and Limitations of ECB
· repetitions in message may show in ciphertext
· if aligned with message block
· particularly with data such as graphics
· or with messages that change very little, which become a code-book analysis problem
· weakness due to encrypted message blocks being independent
· main use is sending a few blocks of data
Cipher Block Chaining (CBC)
· message is broken into blocks
· but these are linked together in the encryption operation
· each previous cipher block is chained with current plaintext block, hence name
· use Initial Vector (IV) to start process
$C_i = \mathrm{DES}_{K1}(P_i \oplus C_{i-1})$
$C_{-1} = IV$
· uses: bulk data encryption, authentication
Cipher Block Chaining (CBC)
Advantages and Limitations of CBC
· each ciphertext block depends on all message blocks
· thus a change in the message affects all ciphertext blocks after the change as well as the original block
· need Initial Value (IV) known to sender & receiver
· however if IV is sent in the clear, an attacker can change bits of the first block, and change IV to compensate
· hence either IV must be a fixed value (as in EFTPOS) or it must be sent encrypted in ECB mode before rest of message
· at end of message, handle possible last short block
· by padding either with known non-data value (eg nulls)
· or pad last block with count of pad size
· eg. [ b1 b2 b3 0 0 0 0 5 ] <- 3 data bytes, then 5 bytes pad+count
Cipher FeedBack (CFB)
· message is treated as a stream of bits
· added to the output of the block cipher
· result is fed back for next stage (hence name)
· standard allows any number of bits (1, 8 or 64 or whatever) to be fed back
· denoted CFB-1, CFB-8, CFB-64 etc
· is most efficient to use all 64 bits (CFB-64)
$C_i = P_i \oplus \mathrm{DES}_{K1}(C_{i-1})$
$C_{-1} = IV$
· uses: stream data encryption, authentication
Cipher FeedBack (CFB)
Advantages and Limitations of CFB
· appropriate when data arrives in bits/bytes
· most common stream mode
· limitation is need to stall while do block encryption after every n-bits
· note that the block cipher is used in encryption mode at both ends
· errors propagate for several blocks after the error
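The ECB repetition weakness and the CFB properties listed above (encryption mode at both ends, bounded error propagation), as an added example that is not part of the original slides. The function E is an assumed stand-in for the block cipher's encryption direction (HMAC-SHA256 truncated to 64 bits, not DES); it is one-way, which is all the codebook observation and CFB-64 need. Key, IV and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 8  # bytes: the 64-bit block size the slides use for DES

def E(key: bytes, block: bytes) -> bytes:
    # Assumed keyed stand-in for "encrypt one block"; not DES and not invertible.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # C_i = E_K(P_i): each block is substituted independently, like a codebook.
    return b"".join(E(key, p) for p in blocks(pt))

def cfb_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # CFB-64: C_i = P_i xor E_K(C_{i-1}), with C_{-1} = IV.
    prev, out = iv, []
    for p in blocks(pt):
        prev = xor(p, E(key, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    # P_i = C_i xor E_K(C_{i-1}): the receiver also calls E, never a decryptor.
    prev, out = iv, []
    for c in blocks(ct):
        out.append(xor(c, E(key, prev)))
        prev = c
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    # How many ciphertext blocks duplicate an earlier ciphertext block.
    bs = blocks(ct)
    return len(bs) - len(set(bs))

def damaged_blocks(key: bytes, iv: bytes, ct: bytes) -> list:
    # Flip one bit in ciphertext block 1 (a transmission error) and report
    # which plaintext blocks come out different after decryption.
    bad = bytearray(ct)
    bad[BLOCK] ^= 0x01
    good = blocks(cfb_decrypt(key, iv, ct))
    got = blocks(cfb_decrypt(key, iv, bytes(bad)))
    return [i for i, (g, b) in enumerate(zip(good, got)) if g != b]

# Constructed sample values: five 8-byte records, four of them identical.
KEY = b"constructed demo key"
IV = bytes.fromhex("0011223344556677")
PT = b"PAY 0100" * 3 + b"PAY 9999" + b"PAY 0100"

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, PT)))
    ct = cfb_encrypt(KEY, IV, PT)
    print("CFB repeated blocks:", repeated_blocks(ct))
    print("CFB blocks damaged by one flipped bit:", damaged_blocks(KEY, IV, ct))
```

With 64-bit feedback the error damages the block it hits and the one after it, then decryption resynchronises; smaller feedback sizes keep the corrupted bits in the shift register for more output units.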
Summary
· have considered:
· block cipher design principles
· DES
· details
· strength
· Modes of Operation
· ECB, CBC, CFB
