1/21
Symmetric Key Crypto
• Alice and Bob share a secret key K_s. Alice encrypts the
plaintext message P to get the ciphertext C and sends it to Bob over an
insecure channel.
• The ciphertext C may be intercepted by Eve, but she
cannot recover P. Bob is able to obtain P.
• Components:
  • Shared secret key K_s
  • Encryption algorithm E(P, K_s)
  • Decryption algorithm D(C, K_s)
  such that D(C, K_s) = D(E(P, K_s), K_s) = P
• Two modes of operation:
  • Stream ciphers
  • Block ciphers
Stream cipher
Stream cipher – example
Stream cipher – One time pad (OTP)
Stream Cipher applications
Keystream
LFSR
Stream cipher using LFSR
• If at any time the FF states are all zeros, the LFSR
becomes stuck, as all subsequent outputs are zeros.
• Also, if the FF states return to the initial state, then the output
sequence starts to repeat.
• With m FFs, there are 2^m possible FF states.
• Theorem: the maximum sequence length generated by an
LFSR of degree m is 2^m − 1.
• Only certain configurations of (p_{m−1}, ..., p_0) yield
maximum-length LFSR sequences.
• For the stream cipher, the secret key is (p_{m−1}, ..., p_0).
• An LFSR is a good PRNG with good statistical properties, but
a keystream produced by a single LFSR can be easily broken.
• Solution: use several LFSRs in combination, e.g. in the
Trivium cipher.
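The three claims on this slide (the all-zero state is stuck, the period is at most 2^m − 1, and only some tap configurations reach it) can be checked with a small simulator. The following Python is an added example, not part of the original slides; the tap vectors (p_{m−1}, ..., p_0), the seeds and the two degree-4 feedback polynomials x^4 + x + 1 (maximal) and x^4 + x^2 + 1 (not maximal) are constructed for the demonstration, and the bit-to-byte packing used for the stream-cipher XOR is an assumption of this example.

```python
from typing import List, Sequence, Tuple

# Added example (not from the slides): a Fibonacci LFSR with m flip-flops (FFs).
# taps = (p_{m-1}, ..., p_0) as on the slide, 1 = feedback tap present; p_0 multiplies the
# oldest FF bit, which is also the output bit of each clock. All taps/seeds are constructed.

MAXIMAL = (0, 0, 1, 1)      # x^4 + x + 1 (primitive): every non-zero seed cycles in 15 clocks
NOT_MAXIMAL = (0, 1, 0, 1)  # x^4 + x^2 + 1 = (x^2 + x + 1)^2: cycles of length 3 or 6 only

def lfsr_step(taps: Sequence[int], state: List[int]) -> Tuple[int, List[int]]:
    """One clock: output the oldest bit, shift, feed back the XOR of the tapped bits."""
    feedback = 0
    for p, s in zip(reversed(taps), state):  # p_0 pairs with state[0] (oldest bit)
        feedback ^= p & s
    return state[0], state[1:] + [feedback]

def keystream(taps: Sequence[int], seed: Sequence[int], n: int) -> List[int]:
    """n keystream bits from the secret taps and the initial FF state."""
    state, out = list(seed), []
    for _ in range(n):
        bit, state = lfsr_step(taps, state)
        out.append(bit)
    return out

def period(taps: Sequence[int], seed: Sequence[int]) -> int:
    """Clocks until the FF state first returns to seed; 1 for the stuck all-zero state."""
    start, state = list(seed), list(seed)
    for count in range(1, 2 ** len(seed) + 1):
        _, state = lfsr_step(taps, state)
        if state == start:
            return count
    raise ValueError("seed never recurs: p_0 = 0 makes the state update non-invertible")

def max_period(taps: Sequence[int]) -> int:
    """Longest cycle over all non-zero seeds; reaches 2^m - 1 only for maximal-length taps."""
    m = len(taps)
    return max(period(taps, [int(b) for b in format(v, f"0{m}b")]) for v in range(1, 2 ** m))

def stream_xor(taps: Sequence[int], seed: Sequence[int], data: bytes) -> bytes:
    """Stream cipher: XOR each byte with 8 keystream bits (MSB first); same call decrypts."""
    bits = keystream(taps, seed, 8 * len(data))
    out = bytearray()
    for i, byte in enumerate(data):
        ks = 0
        for bit in bits[8 * i:8 * i + 8]:
            ks = (ks << 1) | bit
        out.append(byte ^ ks)
    return bytes(out)
```

Calling max_period on MAXIMAL gives 15 = 2^4 − 1, on NOT_MAXIMAL only 6, and period on an all-zero seed returns 1, i.e. the register never leaves the zero state.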
Summary – stream ciphers
Block Ciphers modes
ECB mode
• Encryption: y_i = e_k(x_i), i ≥ 1
Decryption: x_i = e_k^{−1}(y_i), i ≥ 1
• Identical plaintext blocks are encrypted into identical
ciphertext blocks
• Encryption is deterministic
• Attacks:
  • traffic analysis
  • frequency analysis
  • substitution attack (homework: pg 126)
CBC – Cipher Block Chaining mode
• Encryption
The first block: y_1 = e_k(x_1 ⊕ IV),
then subsequent blocks: y_i = e_k(x_i ⊕ y_{i−1}), i ≥ 2
• Decryption is the reverse process:
x_1 = e_k^{−1}(y_1) ⊕ IV, then x_i = e_k^{−1}(y_i) ⊕ y_{i−1}
• The encryption is probabilistic.
• Usually the IV is a nonce, not secret – it can be sent in cleartext,
or be a counter value, derived from an ID, etc.
CFB – Cipher Feed Back mode
• First block: the IV is encrypted with the key, then XORed with the
plaintext block: s_1 = e_k(IV), y_1 = s_1 ⊕ x_1
• Subsequent blocks: the previous block s_{i−1} is encrypted
with the key, then XORed with the plaintext:
s_i = e_k(s_{i−1}), y_i = s_i ⊕ x_i, i ≥ 2
• Decryption: s_1 = e_k(IV), x_1 = s_1 ⊕ y_1
s_i = e_k(s_{i−1}), x_i = s_i ⊕ y_i, i ≥ 2
• Probabilistic encryption
• The 'encryption keys' s_i can be computed independently of the
plaintext, e.g. pre-computed.
CTR – Counter mode
• A CTR block is encrypted with the key
• The CTR block is made up of the IV and a counter value
• This generates a keystream block
• Keystream blocks can be generated independently of the
plaintext – parallel operation
• Non-deterministic
• Encryption: y_i = e_k(IV || CTR_i) ⊕ x_i, i ≥ 1
• Decryption: x_i = e_k(IV || CTR_i) ⊕ y_i, i ≥ 1
Galois Counter Mode
GCM
Summary – Block cipher modes