
Original Title: Crypt 1 a AES,IDEA,Blowfish Intro

Uploaded by west_lmn


Lecture Outline

- AES
- Other block ciphers

In 1997, NIST made a formal call for algorithms stipulating that the AES would specify an unclassified, publicly disclosed encryption algorithm, available royalty-free, worldwide. Goal: replace DES for both government and private-sector encryption. The algorithm must implement symmetric-key cryptography as a block cipher and (at a minimum) support block sizes of 128 bits and key sizes of 128, 192, and 256 bits. In 1998, NIST announced a group of 15 AES candidate algorithms.

In 1999, the selection was narrowed from 15 to five candidates: MARS, RC6, Rijndael, Serpent, and Twofish. All five ciphers were thought to be secure. Criteria for selecting the AES: security, robustness, speed. On October 2, 2000, NIST announced that it had selected Rijndael (invented by Joan Daemen and Vincent Rijmen) to propose for the AES. In February 2001, FIPS 197 (AES) was published for public review and comments.

Security:

- randomness, soundness, results of cryptanalysis during evaluation

Cost:

- royalty-free, computational efficiency, memory requirement

AES Evaluation

Criteria of the final evaluation:

- general security
- software implementation performance
- hardware implementation (size and performance)
- restricted-space environments
- attacks on implementations
- encryption vs. decryption
- key agility
- other versatility and flexibility
  - parameter flexibility
  - possibility of optimizing cipher elements for particular environments

Rijndael Features

Designed to be efficient in both hardware and software across a variety of platforms. Not a Feistel network. Uses a variable block size (128, 192 or 256 bits) and a key size of 128, 192 or 256 bits. Variable number of rounds (10, 12, 14), with B the block size and K the key size:

- 10 if B = K = 128 bits
- 12 if either B or K is 192 bits and the other is at most 192 bits
- 14 if either B or K is 256 bits

Overview of Rijndael/AES

Variable number of rounds (10, 12, 14):

- 10 if K is 128 bits
- 12 if K is 192 bits
- 14 if K is 256 bits

Key: 128 bits = 16 bytes = 4 words

- needs Nr+1 round keys for Nr rounds
- needs 44 words for a 128-bit key (10 rounds)

Block: 128 bits = 16 bytes

    State = X
    AddRoundKey(State, Key0)          (op1)
    for r = 1 to Nr - 1
        SubBytes(State, S-box)        (op2)
        ShiftRows(State)              (op3)
        MixColumns(State)             (op4)
        AddRoundKey(State, Keyr)
    endfor
    SubBytes(State, S-box)
    ShiftRows(State)
    AddRoundKey(State, KeyNr)
    Y = State

AddRoundKey

State is represented as follows (16 bytes, S_r,c = row r, column c):

    S0,0  S0,1  S0,2  S0,3
    S1,0  S1,1  S1,2  S1,3
    S2,0  S2,1  S2,2  S2,3
    S3,0  S3,1  S3,2  S3,3

AddRoundKey(State, Key): (figure: Key XOR state -> state)

SubBytes

Byte substitution using a non-linear S-box (applied independently to each byte). The S-box is represented as a 16x16 array, rows and columns indexed by hexadecimal digits; bytes are replaced as follows: each byte (8 bits) defines a hexadecimal number rc, then s_r,c = binary(S-box(r, c)).

How is the AES S-box different from the DES S-boxes?

- Only one S-box
- S-box based on modular arithmetic with polynomials; can be defined algebraically, not random
- Easy to analyze, prove attacks fail

S-Box Table

(row = high hex digit of the input byte, column = low hex digit)

         0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
    0   63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76
    1   CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0
    2   B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15
    3   04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75
    4   09 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84
    5   53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF
    6   D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8
    7   51 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2
    8   CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73
    9   60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB
    A   E0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79
    B   E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08
    C   BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A
    D   70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E
    E   E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF
    F   8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16

ShiftRows

Row r of the State is rotated left by r positions (row 0 is unchanged).

Before:

    S0,0  S0,1  S0,2  S0,3
    S1,0  S1,1  S1,2  S1,3
    S2,0  S2,1  S2,2  S2,3
    S3,0  S3,1  S3,2  S3,3

After:

    S0,0  S0,1  S0,2  S0,3
    S1,1  S1,2  S1,3  S1,0
    S2,2  S2,3  S2,0  S2,1
    S3,3  S3,0  S3,1  S3,2

MixColumns

Interpret each column as a vector of length 4. Each column of the State is replaced by another column, obtained by multiplying that column by a fixed matrix in a particular field.

Key Expansion

    KeyExpansion(byte key[16], word w[44])
        word temp
        for (i = 0; i < 4; i++)
            w[i] = (key[4*i], key[4*i+1], key[4*i+2], key[4*i+3])
        for (i = 4; i < 44; i++)
            temp = w[i-1]
            if (i mod 4 = 0)
                temp = SubWord(RotWord(temp)) XOR Rcon[i/4]
            w[i] = w[i-4] XOR temp

Key Expansion

    RotWord([byte0, byte1, byte2, byte3]) = [byte1, byte2, byte3, byte0]
    SubWord([byte0, byte1, byte2, byte3]) = [Sbox[byte0], Sbox[byte1], Sbox[byte2], Sbox[byte3]]
    Rcon[j] = (RC[j], 0, 0, 0)

RC[j] (j = 1..10):

    j      1   2   3   4   5   6   7   8   9   10
    RC[j]  01  02  04  08  10  20  40  80  1B  36
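The following is an added example, not code from the slides: a compact AES-128 block encryption in pure Python that ties together the round structure, the S-box, ShiftRows, MixColumns and the key expansion shown above. The S-box is not typed in as a table but built algebraically (multiplicative inverse in GF(2^8) followed by the affine transform), which is exactly the "can be defined algebraically" point of the SubBytes slide; the State is kept column-major, matching the slide's 4x4 layout. The FIPS 197 Appendix C.1 known-answer vector used at the end is a published test value, not something from the slides.

```python
def xtime(a):
    """Multiply a GF(2^8) element by x (0x02), reducing by x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a

def gf_mul(a, b):
    """Multiply two elements of the AES field GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def build_sbox():
    """S-box = affine transform of the multiplicative inverse (0 maps to 0)."""
    exp, log = [0] * 256, [0] * 256
    v = 1
    for i in range(255):            # 0x03 generates the multiplicative group
        exp[i], log[v] = v, i
        v ^= xtime(v)               # v *= 0x03
    sbox = []
    for x in range(256):
        inv = exp[(255 - log[x]) % 255] if x else 0
        s = inv
        for i in range(1, 5):       # inv XOR its four left rotations
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()
RC = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]  # RC[1..10] from the slide

def key_expansion(key):
    """The slide's KeyExpansion for a 16-byte key: 44 words, w[i] = w[i-4] XOR temp."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        temp = w[i - 1]
        if i % 4 == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]   # SubWord(RotWord(temp))
            temp = [temp[0] ^ RC[i // 4 - 1]] + temp[1:]    # XOR Rcon[i/4]
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])
    return w

def add_round_key(state, w, r):
    """XOR the 16 state bytes with round key r (4 words)."""
    rk = [b for word in w[4 * r:4 * r + 4] for b in word]
    return [s ^ k for s, k in zip(state, rk)]

def sub_bytes(state):
    return [SBOX[b] for b in state]

def shift_rows(state):
    """Row r rotates left by r; s[r,c] lives at index 4*c + r (column-major)."""
    return [state[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]

def mix_column(col):
    """Multiply one column by the fixed circulant matrix (2 3 1 1) in GF(2^8)."""
    a0, a1, a2, a3 = col
    return [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
            a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
            a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
            gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]

def mix_columns(state):
    return [b for c in range(4) for b in mix_column(state[4 * c:4 * c + 4])]

def aes128_encrypt_block(key, block):
    """The slide's round structure: Nr = 10, MixColumns skipped in the last round."""
    w = key_expansion(key)
    state = add_round_key(list(block), w, 0)
    for r in range(1, 10):
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), w, r)
    state = add_round_key(shift_rows(sub_bytes(state)), w, 10)
    return bytes(state)

if __name__ == "__main__":
    # FIPS 197 Appendix C.1 known-answer test (published vector, not from the slides)
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(aes128_encrypt_block(key, pt).hex())   # 69c4e0d86a7b0430d8cdb78070b4c55a
```

Running the module prints the FIPS 197 ciphertext; the generated S-box can be compared entry by entry against the table above (for example column 0 reads 63, CA, B7, 04, ... down to 8C), which is a useful self-check when porting the cipher to another language.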


Summary of Rijndael

Rijndael's strength is in design simplicity, rich algebraic structure, and efficiency. The algorithm is composed of three layers:

- linear diffusion
- non-linear diffusion
- key mixing

Decryption

The decryption algorithm is not identical to the encryption algorithm, but uses the same key schedule. There is also a way of implementing decryption with an algorithm that is equivalent to the encryption algorithm (each operation replaced with its inverse); however, in this case the key schedule must be changed.

Rijndael Cryptanalysis

Resistant to linear and differential cryptanalysis. Differential trail:

- probability that a given difference pattern a' at the input produces an output difference of b'
- choose the S-box and the multiplication polynomial to minimize the maximum difference probability

Rijndael Cryptanalysis

Academic break on a weaker version of the cipher, 9 rounds. Requires 2^224 work and 2^85 chosen related-key plaintexts. Attack not practical.

Modes: ECB, CBC, CFB, OFB, CTR

- Variable key length
- Mixed operators: use more than one arithmetic and/or Boolean operator; this can provide non-linearity
- Data-dependent rotation
- Key-dependent S-boxes
- Lengthy key schedule algorithm
- Variable plaintext/ciphertext block length
- Variable number of rounds
- Operation on both data halves each round
- Variable F function (varies from round to round)
- Key-dependent rotation

Originally designed by Massey and Lai at ETH (Zurich), 1990. Based on mixing operations from different algebraic groups (XOR, addition mod 2^16, multiplication mod 2^16+1). All operations are on 16-bit sub-blocks, with no permutations used. Speed: faster than DES in software.

IDEA

Design goals:

- Block length: deter statistical analysis
- Key length: deter exhaustive search

Features:

- 128-bit key
- 64-bit blocks
- 8 rounds
- operates on 16-bit numbers

IDEA: Encryption

The 64-bit data block is divided into 4 parts: X1 X2 X3 X4. In each of eight rounds of 14 steps, the sub-blocks are XORed, added and multiplied with one another and with six 16-bit sub-blocks of key material, and the second and third sub-blocks are swapped. Finally, some more key material is combined with the sub-blocks.

Total of 52 subkeys: 6*8+4. Subkeys are generated by dividing the 128-bit key into 8 x 16-bit keys. Every time more subkeys are needed, rotate the key left by 25 bits and divide it again into 8 subkeys. The decryption keys are a little more difficult to generate.
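As an added example (not code from the slides), the two IDEA slides above are carried through in pure Python: the 25-bit-rotation key schedule that yields the 52 encryption subkeys, the derivation of the decryption subkeys (the "more difficult" part: multiplicative inverses mod 2^16+1, additive inverses mod 2^16, and the middle additive subkeys swapped because of the block swap), and the 8-round cipher with its final output transformation. Words are taken big-endian from the key and block, which is the convention of the usual published test vector; that vector (key 0001 0002 ... 0008, plaintext 0000 0001 0002 0003) is a known external value, not from the slides.

```python
MOD_MUL = 0x10001      # multiplication is mod 2^16 + 1, with 0 standing for 2^16
MASK16 = 0xFFFF

def mul(a, b):
    """IDEA multiplication: 0 is read as 2^16, result 2^16 is written as 0."""
    a = a or 0x10000
    b = b or 0x10000
    return (a * b % MOD_MUL) & MASK16

def mul_inv(a):
    """Multiplicative inverse mod 2^16 + 1 (prime, so Fermat works)."""
    a = a or 0x10000
    return pow(a, MOD_MUL - 2, MOD_MUL) & MASK16

def add_inv(a):
    return (-a) & MASK16

def encrypt_subkeys(key):
    """52 subkeys: 8 words per 128-bit key, rotate the key left 25 bits, repeat."""
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        subkeys += [(k >> (112 - 16 * i)) & MASK16 for i in range(8)]
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return subkeys[:52]

def decrypt_subkeys(ek):
    """Inverse schedule: invert the (mul, add, add, mul) subkeys, reuse K5/K6."""
    rounds = [ek[6 * r:6 * r + 6] for r in range(8)]
    final = ek[48:52]
    dk = [mul_inv(final[0]), add_inv(final[1]), add_inv(final[2]), mul_inv(final[3]),
          rounds[7][4], rounds[7][5]]
    for j in range(1, 8):
        src, prev = rounds[8 - j], rounds[7 - j]
        # the two additive subkeys change places because of the inner block swap
        dk += [mul_inv(src[0]), add_inv(src[2]), add_inv(src[1]), mul_inv(src[3]),
               prev[4], prev[5]]
    first = rounds[0]
    dk += [mul_inv(first[0]), add_inv(first[1]), add_inv(first[2]), mul_inv(first[3])]
    return dk

def idea_block(block, k):
    """Encrypt (or, with decrypt_subkeys, decrypt) one 8-byte block."""
    x1, x2, x3, x4 = (int.from_bytes(block[i:i + 2], "big") for i in range(0, 8, 2))
    for r in range(8):
        k1, k2, k3, k4, k5, k6 = k[6 * r:6 * r + 6]
        a = mul(x1, k1)
        b = (x2 + k2) & MASK16
        c = (x3 + k3) & MASK16
        d = mul(x4, k4)
        e = mul(a ^ c, k5)                       # MA structure: two mul, two add
        f = mul((e + (b ^ d)) & MASK16, k6)
        g = (e + f) & MASK16
        x1, x2, x3, x4 = a ^ f, c ^ f, b ^ g, d ^ g   # second/third sub-blocks swapped
    k49, k50, k51, k52 = k[48:52]
    # output transformation undoes the last swap and mixes in the final 4 subkeys
    y = (mul(x1, k49), (x3 + k50) & MASK16, (x2 + k51) & MASK16, mul(x4, k52))
    return b"".join(v.to_bytes(2, "big") for v in y)

if __name__ == "__main__":
    ek = encrypt_subkeys(bytes.fromhex("00010002000300040005000600070008"))
    ct = idea_block(bytes.fromhex("0000000100020003"), ek)
    print(ct.hex())                                       # 11fbed2b01986de5
    print(idea_block(ct, decrypt_subkeys(ek)).hex())      # 0000000100020003
```

The same idea_block routine serves both directions; only the subkey list differs, which is the structural property the slide alludes to when it says the decryption keys are harder to generate. Checking the second batch of subkeys (0400 0600 0800 0A00 ...) against a hand rotation of the key is a quick way to catch an off-by-one in the 25-bit rotation.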

IDEA Cryptanalysis

Currently there is no known practical attack against IDEA. It appears secure against differential cryptanalysis. The key length protects against exhaustive search. IDEA has weak keys, which are avoided at key generation.

Blowfish

A symmetric block cipher designed by Bruce Schneier in 1993/94. Fast implementation on 32-bit CPUs. Compact: runs in less than 5K of memory. Simple to implement and to analyze its strength. Variable security: can give it larger keys.

Block size is 64 bits. Number of rounds is 16. Uses a key of variable size, from 32 to 448 bits. The key is used to generate:

- 18 32-bit subkeys stored in P-arrays
- 4 8x32 S-boxes stored in S-arrays

Requires 521 encryptions, so it has slow rekeying.

Blowfish Cryptanalysis

Key-dependent S-boxes and subkeys, generated using the cipher itself, make analysis very difficult. Changing both halves in each round increases security. Provided the key is large enough, brute-force key search is not practical.

Blowfish Speed

From www.counterpane.com

    Algorithm    Clock cycles per round   # rounds   # clock cycles per byte encrypted   Note
    Blowfish      9                       16          18                                 free
    RC5          12                       16          23                                 RSA Security
    DES          18                       16          45                                 56-bit key
    IDEA         50                        8          50                                 Ascom-Systec
    Triple-DES   18                       48         108

RC5

Proprietary cipher owned by RSA Data Security (designed by Ron Rivest). Very fast, operates on words. Variable key size, block size and number of rounds. Clean and simple design. Low memory requirement. Data-dependent rotations that strengthen the algorithm against cryptanalysis.

RC5 Features

RC5 is a family of ciphers RC5-w/r/b:

- w = word size in bits (16/32/64); a data block is 2w bits
- r = number of rounds (0..255)
- b = number of bytes in the key (0..255)

The nominal version is RC5-32/12/16:

- 32-bit words, so it encrypts 64-bit data blocks
- 12 rounds
- 16-byte (128-bit) secret key

RC5 uses t = 2r+2 subkey words (w bits each); the subkeys are stored in the array S[i], i = 0..t-1. Initialize S to a fixed pseudorandom value. The byte key is copied (little-endian) into a c-word array L. A mixing operation then combines L and S to form the final S array.

RC5 Encryption

    L0 = A + S[0]
    R0 = B + S[1]
    for i = 1 to r do
        Li = ((Li-1 XOR Ri-1) <<< Ri-1) + S[2*i]
        Ri = ((Ri-1 XOR Li) <<< Li) + S[2*i+1]

Rotation is the main source of non-linearity. x <<< y: cyclic rotation of word x left by y bits. x >>> y: cyclic rotation of word x right by y bits.

RC5 Decryption

    for i = r down to 1 do
        Ri-1 = ((Ri - S[2*i+1]) >>> Li) XOR Li
        Li-1 = ((Li - S[2*i]) >>> Ri-1) XOR Ri-1
    B = R0 - S[1]
    A = L0 - S[0]

x <<< y: cyclic rotation of word x left by y bits. x >>> y: cyclic rotation of word x right by y bits.

The RC5 Block Cipher is ECB mode. RC5-CBC is CBC mode. RC5-CBC-PAD is CBC with padding by bytes whose value is the number of padding bytes. RC5-CTS, a variant of CBC whose ciphertext is the same size as the original message, uses ciphertext stealing to keep the size the same as the original; it handles plaintext of any size and produces ciphertext of equal size.

Summary

AES (128-bit block size; key size 128, 192 or 256 bits) is the new encryption standard that replaced DES. No practical known attack exists.
