blockcipher security notions
play

Blockcipher Security Notions Martijn Stam Department of Computer - PowerPoint PPT Presentation

Jul 22, 2023 •32 likes •882 views

1 / 24 Blockcipher Security Notions Martijn Stam Department of Computer Science, University Of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB United Kingdom. Sibenik, 7 June 2016 Basic Syntax of Blockciphers DES

  1. 1 / 24 Blockcipher Security Notions Martijn Stam Department of Computer Science, University Of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB United Kingdom. ˇ Sibenik, 7 June 2016

  2. Basic Syntax of Blockciphers DES and AES 2 / 24 Data Encryption Standard (DES) An Early Blockcipher 1970s: DES provided the first FIPS standard for a blockcipher It takes as input: a 56-bit string k called the key a 64-bit string x called the plaintext or input block. and outputs a 64-bit string y called the ciphertext or output block. The algorithm is stateless, deterministic, and invertible. ∀ k , x If y ← DES k ( x ) then x ← DES − 1 k ( y )

  3. Basic Syntax of Blockciphers DES and AES 3 / 24 Advanced Encryption Standard (AES) A Modern Blockcipher Turn of Century: NIST approves AES as successor of DES. AES - 128 takes as input: a 128 -bit string k called the key a 128-bit string x called the plaintext or input block. and outputs a 128-bit string y called the ciphertext or output block. The algorithm is stateless, deterministic, and invertible. ∀ k , x If y ← AES k ( x ) then x ← AES − 1 k ( y )

  4. Basic Syntax of Blockciphers DES and AES 4 / 24 Advanced Encryption Standard (AES) A Modern Blockcipher Turn of Century: NIST approves AES as successor of DES. AES - 192 takes as input: a 192 -bit string k called the key a 128-bit string x called the plaintext or input block. and outputs a 128-bit string y called the ciphertext or output block. The algorithm is stateless, deterministic, and invertible. ∀ k , x If y ← AES k ( x ) then x ← AES − 1 k ( y )

  5. Basic Syntax of Blockciphers DES and AES 5 / 24 Advanced Encryption Standard (AES) A Modern Blockcipher Turn of Century: NIST approves AES as successor of DES. AES - 256 takes as input: a 256 -bit string k called the key a 128-bit string x called the plaintext or input block. and outputs a 128-bit string y called the ciphertext or output block. The algorithm is stateless, deterministic, and invertible. ∀ k , x If y ← AES k ( x ) then x ← AES − 1 k ( y )

  6. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where K is the set of keys, X the set of plaintext blocks

  7. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where K is the set of keys, X the set of plaintext blocks Notation for blockciphers Block ( K , X ) denotes the set of all possible blockciphers of given dimensions Perm ( X ) denotes the set of all permutations on X .

  8. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where x K is the set of keys, X the set of plaintext blocks E k Notation for E ∈ Block ( K , X ) Let k ∈ K we write E k ( · ) for E(k , · ). As E k ∈ Perm ( X ) it has an inverse E − 1 or D k k y

  9. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where x K is the set of keys, X the set of plaintext blocks E k Notation for E ∈ Block ( K , X ) Let k ∈ K we write E k ( · ) for E(k , · ). As E k ∈ Perm ( X ) it has an inverse E − 1 or D k k y For all k ∈ K , x ∈ X : D k (E k ( x )) = E k (D k ( x )) = x

  10. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where x K is the set of keys, X the set of plaintext blocks E k Using bitstrings as inputs K = { 0 , 1 } K for some key-length K ∈ ◆ X = { 0 , 1 } n for some block-length n. y

  11. Basic Syntax of Blockciphers Formal Syntax 6 / 24 Blockciphers Syntax A blockcipher is a set of keyed permutations E : K × X → X where x K is the set of keys, X the set of plaintext blocks E k Using bitstrings as inputs K = { 0 , 1 } K for some key-length K ∈ ◆ X = { 0 , 1 } n for some block-length n. y DES has n = 64 and k = 56; AES has n = 128 and k ∈ { 128 , 192 , 256 }

  12. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? What security would you expect from a blockcipher? x E k y

  13. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! E k y

  14. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! E k learn plaintexts! y

  15. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! E k learn plaintexts! predict ciphertexts! y

  16. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! E k learn plaintexts! predict ciphertexts! distinguish its output from random! y

  17. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! But when? E k learn plaintexts! predict ciphertexts! distinguish its output from random! y

  18. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! But when? E k learn plaintexts! Which plaintexts? predict ciphertexts! distinguish its output from random! y

  19. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! But when? E k learn plaintexts! Which plaintexts? predict ciphertexts! In what context? distinguish its output from random! y

  20. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x Some random thoughts... It should be hard to recover they key! But when? E k learn plaintexts! Which plaintexts? predict ciphertexts! In what context? distinguish its output from random! Random in what sense? y

  21. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x More precise definitions are needed, that highlight what an adversary can do and tries to achieve take into account the context in which the E k blockcipher is used y

  22. Basic Security of Blockciphers Ideas? 7 / 24 Blockcipher Security Ideas? x More precise definitions are needed, that highlight what an adversary can do and tries to achieve take into account the context in which the E k blockcipher is used ...so useful conclusions for real world applications can be drawn. y

  23. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication Hi E k E k I’m here Anna Bob Bye Two parties, Anna and Bob want to communicate with each other: Anna wants to send Bob messages;

  24. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication Hi E k E k I’m here Anna Bob Bye Two parties, Anna and Bob want to communicate with each other: Anna wants to send Bob messages; The content of the messages should remain hidden from Eve;

  25. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication yWj E k E k s 5Yc6sdf Anna Bob Flan Two parties, Anna and Bob want to communicate with each other: Anna wants to send Bob messages; The content of the messages should remain hidden from Eve;

  26. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication yWj E k E k s 5Yc6sdf Anna Bob Flan Two parties, Anna and Bob want to communicate with each other: Anna wants to send Bob messages; The content of the messages should remain hidden from Eve; Adversary Eve can see but not modify the transmissions.

  27. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication k k yWj E k E k s 5Yc6sdf Anna Bob Flan Some enabling assumptions: Anna and Bob already magically share a secret key;

  28. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication k k yWj E k E k s 5Yc6sdf Anna Bob Flan Some enabling assumptions: Anna and Bob already magically share a secret key; They both like the same blockcipher

  29. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication k k yWj E k E k s 5Yc6sdf Anna Bob Flan Some enabling assumptions: Anna and Bob already magically share a secret key; They both like the same blockcipher Anna swims in a pool

  30. Basic Security of Blockciphers Blockcipher Use Scenario 8 / 24 How are blockciphers used? Scenario 1: Secure Communication k k yWj E k E k s 5Yc6sdf Anna Bob Flan Some enabling assumptions: Anna and Bob already magically share a secret key; They both like the same blockcipher Anna swims in a pool of randomness

  31. Basic Security of Blockciphers Blockcipher Use Scenario 9 / 24 Confidentiality of a single 3-block message CTR Encryption IV IV + 1 IV + 2 IV + 3 E k E k E k m 1 m 2 m 3 c 0 c 1 c 2 c 3

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

New Blockcipher Modes of Operation with Beyond the Birthday Bound Security Tetsu Iwata

New Blockcipher Modes of Operation with Beyond the Birthday Bound Security Tetsu Iwata

New Blockcipher Modes of Operation with Beyond the Birthday Bound Security Tetsu Iwata Ibaraki University March 17, 2006 Fast Software Encryption, FSE 2006, Graz, Austria, March 1517, 2006 Blockcipher Modes Algorithms

1.42k views • 30 slides
Design approach to efficient blockcipher modes Kazuhiko Minematsu, NEC Corporation The Fourth

Design approach to efficient blockcipher modes Kazuhiko Minematsu, NEC Corporation The Fourth

Design approach to efficient blockcipher modes Kazuhiko Minematsu, NEC Corporation The Fourth Asian Workshop on Symmetric Key Cryptography, 19%22, December 2014, SETS Chennai, India 1 Introduction Blockcipher mode : turning a blockcipher

702 views • 59 slides
On the Security of Hash Functions Employing Blockcipher Post-processing Donghoon Chang 1 , Mridul

On the Security of Hash Functions Employing Blockcipher Post-processing Donghoon Chang 1 , Mridul

On the Security of Hash Functions Employing Blockcipher Post-processing Donghoon Chang 1 , Mridul Nandi 2 , Moti Yung 3 1 National Institute of Standards and Technology (NIST), USA 2 C R Rao AIMSCS, Hyderabad, India 3 Google Inc. and Department of

605 views • 35 slides
Salvaging Weak Security Bounds for Blockcipher-based Constructions Thomas Shrimpton (University

Salvaging Weak Security Bounds for Blockcipher-based Constructions Thomas Shrimpton (University

Salvaging Weak Security Bounds for Blockcipher-based Constructions Thomas Shrimpton (University of Florida) Seth Terashima (Qualcomm Technologies, inc.) What weak bounds? ...from encrypting lots of data Intel Hardware RNG: Single-machine

246 views • 23 slides
The 128-bit Blockcipher CLEFIA Taizo Shirai 1 , Kyoji Shibutani 1 , Toru Akishita 1 Shiho

The 128-bit Blockcipher CLEFIA Taizo Shirai 1 , Kyoji Shibutani 1 , Toru Akishita 1 Shiho

The 128-bit Blockcipher CLEFIA Taizo Shirai 1 , Kyoji Shibutani 1 , Toru Akishita 1 Shiho Moriai 1 , Tetsu Iwata 2 1 Sony Corporation 2 Nagoya University Direction for designing a new blockcipher Priority for Choosing an algorithm 1.

464 views • 19 slides
New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran &

New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran &

New Notions of Security: Universal Composability without Trusted Setup Manoj Prabhakaran & Amit Sahai Princeton University To appear in STOC04 Defining Security Central Problem in Cryptography Understanding what we want and what we

1.13k views • 34 slides
Security Notions for Bidirectional Channels Giorgia Azzurra Marson Bertram Poettering FSE 2017

Security Notions for Bidirectional Channels Giorgia Azzurra Marson Bertram Poettering FSE 2017

Security Notions for Bidirectional Channels Giorgia Azzurra Marson Bertram Poettering FSE 2017 Tokyo, Japan 1 / 11 Outline Secure channels and how they are modeled Security notions for bidirectional channels Analysis of bidirectional

602 views • 39 slides
Advanced security notions for the SSH secure channel: theory and practice Kenny Paterson -

Advanced security notions for the SSH secure channel: theory and practice Kenny Paterson -

Advanced security notions for the SSH secure channel: theory and practice Kenny Paterson - @kennyog Based on joint work with Martin Albrecht, Jean Paul Degabriele and Torben Hansen Information Security Group Overview 1. Introducing SSH 2. SSH

817 views • 52 slides
Objectives Security Notions of MACs NMACs and HMACs CBC-MACs Low Power Ajit Pal

Objectives Security Notions of MACs NMACs and HMACs CBC-MACs Low Power Ajit Pal

Message Authentication Codes (MACs) Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Security Notions of MACs NMACs and HMACs

158 views • 12 slides
Security Notions 1

Security Notions 1

Security Notions 1 Unbreakable Cryptosystems ??? Almost all of the practical cryptosystems are theoretically breakable given the time are theoretically breakable given

1.1k views • 37 slides
White-Box Security Notions for Symmetric Encryption Schemes ee 1 ede Lepoint 1 , 2 C ecile

White-Box Security Notions for Symmetric Encryption Schemes ee 1 ede Lepoint 1 , 2 C ecile

White-Box Security Notions for Symmetric Encryption Schemes ee 1 ede Lepoint 1 , 2 C ecile Delerabl Tancr` Pascal Paillier 1 Matthieu Rivain 1 CryptoExperts 1 , erieure 2 Ecole Normale Sup SAC 2013 Outline 1 What is white-box

406 views • 38 slides
Towards Security Notions for Motivation: White-Box Cryptography White-Box Cryptography

Towards Security Notions for Motivation: White-Box Cryptography White-Box Cryptography

ISC conference, September 2009, Pisa, Italy Outline Towards Security Notions for Motivation: White-Box Cryptography White-Box Cryptography The Theory of Obfuscation Brecht Wyseur (im)possibility results ISC 2009, September 2009

280 views • 3 slides
Consolidating Security Notions in Hardware Masking CHES 2019 Lauren De Meyer, Begl Bilgin,

Consolidating Security Notions in Hardware Masking CHES 2019 Lauren De Meyer, Begl Bilgin,

Consolidating Security Notions in Hardware Masking CHES 2019 Lauren De Meyer, Begl Bilgin, Oscar Reparaz P ROBLEM : SIDE - CHANNEL ANALYSIS S OLUTION : M ASKING P ROBING MODEL [ISW03] Adversary can probe up to intermediate values

885 views • 34 slides
From obfuscation to white-box crypto: relaxation and security notions Matthieu Rivain WhibOx

From obfuscation to white-box crypto: relaxation and security notions Matthieu Rivain WhibOx

From obfuscation to white-box crypto: relaxation and security notions Matthieu Rivain WhibOx 2016, 14 Aug, UCSB What does this program do?

709 views • 66 slides
Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure

Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure

Introduction Specification for COFB Hardware Implementation Results of COFB-AES Conclusions References Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure Platform laboratories, Japan) Tetsu Iwata

470 views • 35 slides
Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian

Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian

Introduction Idealized Combined Feedback Construction : iCOFB Specification for COFB Hardware Implimentation Results of COFB Conclusion Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian Statistical

457 views • 35 slides
Game of Trees Stefan Sperling < stsp@openbsd.org > EuroBSDcon 2019 What is Game of Trees?

Game of Trees Stefan Sperling < stsp@openbsd.org > EuroBSDcon 2019 What is Game of Trees?

Game of Trees Stefan Sperling < stsp@openbsd.org > EuroBSDcon 2019 What is Game of Trees? Game of Trees is a work-in-progress version control system which attempts to be appealing to OpenBSD developers. designed and written from scratch

1.08k views • 72 slides
Recent Space Weather Advances ICTP Trieste, Italy by Research Community in Italy Y. Migoya- Oru 1

Recent Space Weather Advances ICTP Trieste, Italy by Research Community in Italy Y. Migoya- Oru 1

ISWI Workshop 2019 Recent Space Weather Advances ICTP Trieste, Italy by Research Community in Italy Y. Migoya- Oru 1 , C. Plainaki 2 , V. Romano 3, , U. Villante 4 1 ICTP, Trieste, Italy, yenca@ictp.it, ISWI National co-coordinator 2 ASI

613 views • 42 slides
Releasing ESO Public Survey Data through the Phase 3 Jrg Retzlaff European Southern

Releasing ESO Public Survey Data through the Phase 3 Jrg Retzlaff European Southern

Releasing ESO Public Survey Data through the Phase 3 Jrg Retzlaff European Southern Observatory Data Management and Operations Division, Archive Science Group (ASG) CoSADIE Astronomical Data Center Forum,

261 views • 22 slides
DARK MATTER IN DSPH Paolo Salucci (& G. Gilmore) SISSA (Oxford) Outline of the Review Dark

DARK MATTER IN DSPH Paolo Salucci (& G. Gilmore) SISSA (Oxford) Outline of the Review Dark

DARK MATTER IN DSPH Paolo Salucci (& G. Gilmore) SISSA (Oxford) Outline of the Review Dark Matter is main protagonist in the Universe The concept of Dark Matter in virialized objects Dark Matter in Spirals, Ellipticals, dSphs Dark and

551 views • 28 slides
LTE WLAN B LTE, WLAN, B LUETOOTH AND OO F UTURE F UTURE Aditya K. Jagannatham Indian Institute

LTE WLAN B LTE, WLAN, B LUETOOTH AND OO F UTURE F UTURE Aditya K. Jagannatham Indian Institute

LTE WLAN B LTE, WLAN, B LUETOOTH AND OO F UTURE F UTURE Aditya K. Jagannatham Indian Institute of Technology Kanpur Indian Institute of Technology Kanpur Commonwealth of Learning Vancouver MOOC on M4D 2013 4G LTE 4G LTE LTE (Long Term

631 views • 33 slides
Regularities and dynamics in bisimulation reductions of big graphs Yongming Luo , George

Regularities and dynamics in bisimulation reductions of big graphs Yongming Luo , George

Regularities and dynamics in bisimulation reductions of big graphs Yongming Luo , George Fletcher, Jan Hidders, Paul De Bra and Yuqing Wu GRADES 2013 SIGMOD/PODS 2013 The research of YL, GF, JH and PD is supported by the Nether- lands

269 views • 24 slides
NTCIR 2014 Slides - TUW-IMP at the NTCIR-11 Math-2 Presentation February 2015 CITATIONS READS

NTCIR 2014 Slides - TUW-IMP at the NTCIR-11 Math-2 Presentation February 2015 CITATIONS READS

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/272683082 NTCIR 2014 Slides - TUW-IMP at the NTCIR-11 Math-2 Presentation February 2015 CITATIONS READS 0 51 1 author: Aldo

486 views • 15 slides
A Fibrational Approach to Automata Theory Eilenberg-type Correspondences in One Liang-Ting Chen

A Fibrational Approach to Automata Theory Eilenberg-type Correspondences in One Liang-Ting Chen

A Fibrational Approach to Automata Theory Eilenberg-type Correspondences in One Liang-Ting Chen Henning Urbat TU Braunschweig CALCO 2015 Motivation: a zoo of Eilenbergs variety theorems Algebraic description of regular languages:

494 views • 34 slides

More recommend