Cryptography requires sets of integers and specific operations that are defined for those sets. The
combination of the set and the operations that are applied to the elements of the set is called an
algebraic structure.
CS 8792-CNS UNIT II Dr.R.Geetha /Professor & HoD / Department of CSE, S.A. Engineering College
process is known as modulo reduction
e.g.
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2
(11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) - (15 mod 8)] mod 8 = -4 mod 8 = 4
(11 - 15) mod 8 = -4 mod 8 = 4
[(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5
(11 x 15) mod 8 = 165 mod 8 = 5
Modular Exponentiation Example:
11^7 mod 13 = [(11 mod 13) (11 mod 13) (11 mod 13) (11 mod 13) (11 mod 13) (11 mod 13) (11 mod 13)] mod 13
            = (-2) (-2) (-2) (-2) (-2) (-2) (-2) mod 13
            = -128 mod 13
            = -11 mod 13
            = 2
11^7 mod 13 = 2
2.3 EUCLID’S ALGORITHM
Euclid(a, b)
    if (b = 0) then
        return a;
    else
        return Euclid(b, a mod b);
Example:
GCD(100, 25) = GCD(25, 100 mod 25) = GCD(25, 0)
Since b = 0, 25 is the GCD.
Therefore GCD(100, 25) = 25
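The three computations above (reducing a negative value, 11^7 mod 13 by reducing before multiplying, and Euclid's GCD) as general functions. This is an added example, not part of the notes; the function names are my own.

```python
def mod(a: int, n: int) -> int:
    """Least non-negative residue, so mod(-4, 8) == 4 and mod(-128, 13) == 2."""
    return a % n   # Python's % already returns a value in [0, n) for n > 0


def mod_pow(base: int, exp: int, n: int) -> int:
    """Square-and-multiply: reduce after every step so intermediate values stay
    below n. This generalises the notes' trick of reducing 11 to -2 first."""
    result = 1
    base = mod(base, n)
    while exp > 0:
        if exp & 1:                    # current bit of the exponent is set
            result = (result * base) % n
        base = (base * base) % n       # square for the next bit
        exp >>= 1
    return result


def euclid(a: int, b: int) -> int:
    """Euclid(a, b): if b = 0 return a, else Euclid(b, a mod b), iteratively."""
    while b != 0:
        a, b = b, a % b
    return a


def reduction_identities_hold(a: int, b: int, n: int) -> bool:
    """Check (a op b) mod n == ((a mod n) op (b mod n)) mod n for +, - and *."""
    ra, rb = mod(a, n), mod(b, n)
    return ((a + b) % n == (ra + rb) % n
            and (a - b) % n == (ra - rb) % n
            and (a * b) % n == (ra * rb) % n)


if __name__ == "__main__":
    print(mod(-4, 8), mod(-128, 13))              # 4 2
    print(mod_pow(11, 7, 13))                     # 2
    print(euclid(100, 25))                        # 25
    print(reduction_identities_hold(11, 15, 8))   # True
```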
2.5 GROUPS, RINGS, FIELDS
GROUP
A group (G) is a set of elements with a binary operation (•) that satisfies four properties (or
axioms). A commutative group satisfies an extra property, commutativity.
A set S of elements or "numbers", finite or infinite, together with some operation "." forms G = (S, .),
which is said to be a group if it obeys CAIN: Closure, Associativity, Identity and iNverse.
ABELIAN GROUP
A group is said to be an abelian group if, in addition to CAIN, it satisfies the commutative property,
i.e. a • b = b • a for all a, b in G.
RING
A set of "numbers" with two operations (addition and multiplication) which form:
an abelian group under the addition operation, and a multiplication operation that:
has closure
is associative
distributes over addition
FIELD
A field, denoted by F = <{…}, •, >, is a commutative ring in which the second operation satisfies
all five properties defined for the first operation, except that the identity of the first operation has
no inverse under the second operation.
Fig 1.13 Field
Group
–A set of numbers with some addition operation whose result is also in the set (closure).
–Obeys associative law, has an identity, has inverses.
–If group is commutative, we say Abelian group. Otherwise Non-Abelian group
Ring
–Abelian group with a multiplication operation.
–Multiplication is associative and distributive over addition.
–If multiplication is commutative, we say a commutative ring.
–e.g., integers mod N for any N.
Field
–An Abelian group for addition.
–A ring.
–An Abelian group for multiplication (ignoring 0).
–e.g., integers mod P where P is prime.
2.6 FINITE FIELD
A field is an algebraic structure that supports two pairs of operations: addition and subtraction (+, -) and multiplication and division (*, ÷).
A Finite field is a field with a finite number of elements.
GALOIS FIELD
The number of elements in a finite field must be a power of a prime, p^n; such fields are known as Galois
fields.
A Galois field GF(p^n) is a finite field with p^n elements. Galois showed that for a field to
be finite, the number of elements must be p^n, where p is a prime number and n is a positive
integer.
The DES algorithm is a block cipher with a block size of 64 bits and a key size of 56 bits.
The same algorithm is used for decryption.
There are 16 rounds in the DES algorithm, and in each round a different subkey is used. DES has become
widely used, especially in financial applications.
The basic process consists of:
an initial permutation (IP)
16 rounds of a complex key dependent calculation f
a final permutation, being the inverse of IP
Function f can be described as
L(i) = R(i-1)
R(i) = L(i-1) XOR P(S(E(R(i-1)) XOR K(i)))
DES ENCRYPTION
DES SINGLE ROUND
SUBSTITUTION BOX
• the key schedule consists of:
• an initial permutation of the key (PC1) which selects 56 bits in two 28-bit halves
DES Decryption
• decrypt must unwind the steps of the data computation with the Feistel design
KEY SIZE
56-bit keys have 2^56 = 7.2 x 10^16 values
Brute-force search looks hard
Recent advances have shown possibility
in 1997 on Internet in a few months
in 1998 on dedicated h/w (EFF) in a few days
in 1999 above combined in 22hrs!
Still, must be able to recognize plaintext
Now considering alternatives to DES
TIMING ATTACK
Attack actual implementation of cipher
Use knowledge of consequences of implementation to derive knowledge of some/all
subkey bits
Specifically use fact that calculations can take varying times depending on the value of
the inputs to it
Particularly problematic on smartcards
ANALYTIC ATTACKS
Several analytic attacks on DES
Utilize some deep structure of the cipher
by gathering information about encryptions
can eventually recover some/all of the sub-key bits
if necessary then exhaustively search for the rest
Generally are statistical attacks
differential cryptanalysis
linear cryptanalysis
related key attacks
AVALANCHE EFFECT
• Desirable property of an encryption algorithm where a change of one input or key bit
results in changing approximately half output bits.
• using 3 keys, 3DES has an effective key length of 168 bits (3*56):
C = E_K3(D_K2(E_K1(P)))
It can also use 2 keys with the E-D-E sequence as follows:
C = E_K1(D_K2(E_K1(P)))
This has been adopted by some Internet applications, e.g., PGP, S/MIME
2.9 DIFFERENTIAL AND LINEAR CRYPTANALYSIS
LINEAR CRYPTANALYSIS
It is a known plaintext attack used to extract the key
e.g.: k1 ⊕ k6 = i2 ⊕ i4 ⊕ i5 ⊕ o4
To be secure this should be true with p = 0.5 (probability over all inputs and keys)
If it is true with p = 0.5 + ε then you might be able to use this to help break the system
DIFFERENTIAL CRYPTANALYSIS
It is a chosen plaintext attack used to extract the key
To apply a block cipher in a variety of applications, five "modes of operation" have been defined
by NIST (SP 800-38A). The five modes are intended to cover a wide variety of applications of
encryption for which a block cipher could be used. These modes are intended for use with any
symmetric block cipher, including triple DES and AES.
5. Counter mode (CTR)
Advantages and Limitations:
message repetitions may show in ciphertext
Uses:
secure transmission of single values
Advantages and Limitations:
a ciphertext block depends on all blocks before it
any change to a block affects all following ciphertext blocks
Need an Initialization Vector (IV) which must be known to sender & receiver
Uses:
Bulk data encryption, authentication
C(i) = P(i) XOR E_K(C(i-1))
C(-1) = IV
Advantages and Limitations
Uses:
Stream encryption on noisy channels
COUNTER MODE (CTR)
Similar to OFB but encrypts counter value rather than any feedback value
O(i) = E_K(i)
C(i) = P(i) XOR O(i)
Advantages:
efficiency
can do parallel encryptions in h/w or s/w
can preprocess in advance of need
random access to encrypted data blocks
must have a different key & counter value for every plaintext block (never reused)
Uses:
High-speed network encryptions
BYTE SUBSTITUTION
a simple substitution of each byte
uses one table of 16x16 bytes containing a permutation of all 256 8-bit values
each byte of state is replaced by byte indexed by row (left 4-bits) & column (right 4-bits)
Figure : Substitute byte transformation
SHIFT ROWS
The AES key expansion takes a 128-bit (16-byte, four-word) key and expands it into an array of 44 words
The key is copied into the first 4 words of the expanded key
The remainder of the expanded key is filled in 4 words at a time
Each added word w[i] depends on the immediately preceding word w[i-1] and the word 4
positions back, w[i-4]
In 3 of 4 cases just XOR is used
For a word whose position in the w array is a multiple of 4, a more complex function (g) is used
The function g consists of the following subfunctions:
(i) RotWord performs a one-byte circular left shift on the word
(ii) SubWord performs a byte substitution on each byte of the input word
(iii) the result of steps (i) and (ii) is XORed with a round constant, Rcon
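The AES-128 key expansion described above (plain XOR for three words out of four, the g function of RotWord, SubWord and Rcon for every fourth word) in Python. This is an added example, not from the notes or from any AES library; the S-box is generated from its GF(2^8) definition so the block is self-contained, and against the FIPS-197 Appendix A.1 key 2b7e1516 28aed2a6 abf71588 09cf4f3c it yields w[4] = a0fafe17 and w[43] = b6630ca6.

```python
def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p & 0xFF


def make_sbox() -> list:
    """AES S-box: S[x] = affine(x^-1); 0 has no inverse and maps to 0x63."""
    box = []
    for x in range(256):
        inv = 0
        if x:
            inv = 1
            for _ in range(254):        # x^254 == x^-1 in GF(2^8)
                inv = gf_mul(inv, x)
        s = inv
        for k in range(1, 5):           # XOR of four circular left rotations
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        box.append(s ^ 0x63)
    return box


SBOX = make_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def expand_key(key: bytes) -> list:
    """Return the 44 four-byte words w[0..43] of the AES-128 expanded key."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]   # w[0..3] = the key
    for i in range(4, 44):
        temp = w[i - 1][:]                     # depends on w[i-1] ...
        if i % 4 == 0:                         # ... through g for every 4th word
            temp = temp[1:] + temp[:1]         # (i)   RotWord
            temp = [SBOX[b] for b in temp]     # (ii)  SubWord
            temp[0] ^= RCON[i // 4 - 1]        # (iii) XOR with Rcon
        w.append([x ^ y for x, y in zip(w[i - 4], temp)])   # ... and on w[i-4]
    return w


def word_hex(word: list) -> str:
    """Hex string of one expanded-key word, for inspection."""
    return bytes(word).hex()
```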
AES DECRYPTION
AES decryption is not identical to encryption since steps done in reverse
but can define an equivalent inverse cipher with steps as for encryption
but using inverses of each step
with a different key schedule
works since result is unchanged when
swap byte substitution & shift rows
swap mix columns & add (tweaked) round key
RC4 SECURITY
secure against known attacks
since RC4 is a stream cipher, the key must never be reused
INITIALIZATION OF S
Entries in S are set equal to the values from 0 through 255 in ascending order
S[0] = 0, S[1] = 1, ..., S[255] = 255
A temporary vector T is also created
If the length of key K is 256 bytes, then K is transferred to T. Otherwise, for a key of length keylen
bytes, the first keylen elements of T are copied from K
Then K is repeated as many times as necessary to fill out T
for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod keylen];
INITIAL PERMUTATION OF S
Next we use T to produce the initial permutation of S.
This involves starting with S[0] and going through to S[255] and for each S[i], swapping S[i] with
another byte in S
j = 0
for i = 0 to 255 do
    j = (j + S[i] + T[i]) (mod 256);
    swap(S[i], S[j]);
The only operation on S is a swap, so S still contains all the numbers from 0 through 255 (it is a permutation of them)
STREAM GENERATION
Once S vector is initialized, the input key is no longer used
Stream generation involves cycling through all the elements of S and, for each S[i], swapping S[i]
with another byte in S
After S[255] is reached, the process continues starting over again at S[0]
i = j = 0;
for each message byte M(i)
    i = (i + 1) (mod 256);
    j = (j + S[i]) (mod 256);
    swap(S[i], S[j]);
    t = (S[i] + S[j]) (mod 256);
    k = S[t]
To encrypt, XOR k with the next byte of plaintext
To decrypt, XOR k with the next byte of ciphertext
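The initialization, permutation and stream-generation pseudocode above as runnable Python. This is an added example, not code from the notes; the function names are my own. The last function shows why the key must never be reused: two messages under one key give ciphertexts whose XOR is just the XOR of the two plaintexts, the keystream having cancelled out.

```python
def rc4_ksa(key: bytes) -> list:
    """Initialise S and T, then produce the initial permutation of S."""
    keylen = len(key)
    S = list(range(256))                        # S[0] = 0 ... S[255] = 255
    T = [key[i % keylen] for i in range(256)]   # K repeated to fill T
    j = 0
    for i in range(256):
        j = (j + S[i] + T[i]) % 256
        S[i], S[j] = S[j], S[i]                 # the only operation on S is a swap
    return S


def rc4_keystream(S: list, n: int):
    """Generate n keystream bytes k; the key itself is no longer used here."""
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        t = (S[i] + S[j]) % 256
        yield S[t]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation): XOR each byte with the next k."""
    S = rc4_ksa(key)
    return bytes(m ^ k for m, k in zip(data, rc4_keystream(S, len(data))))


def keystream_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """With one key used twice, c1 XOR c2 == p1 XOR p2: the keystream is gone,
    which is why a stream-cipher key must never be reused."""
    c1 = rc4_crypt(key, p1)
    c2 = rc4_crypt(key, p2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    # Well-known RC4 test vector: key "Key", plaintext "Plaintext"
    print(rc4_crypt(b"Key", b"Plaintext").hex())   # bbf316e8d940af0ad3
```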
Secure systems often fail because of a break in the key distribution scheme
given parties A and B have various key distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use previous key to encrypt a new key
4. if A & B have secure communications with a third party C, C can relay the key between A & B
KEY HIERARCHY
typically have a hierarchy of keys
    session key
        temporary key
        used for encryption of data between users
        for one logical session, then discarded
    master key
        used to encrypt session keys
        shared by user & key distribution center
KEY DISTRIBUTION ISSUES
hierarchies of KDCs are required for large networks, but they must trust each other
session key lifetimes should be limited for greater security
use of automatic key distribution on behalf of users, but must trust system
use of decentralized key distribution
controlling key usage