host cryptography iii ece 525 aes block cipher
play

HOST Cryptography III ECE 525 AES Block Cipher Blockciphers are - PowerPoint PPT Presentation

Apr 13, 2023 •150 likes •329 views

HOST Cryptography III ECE 525 AES Block Cipher Blockciphers are central tool in the design of protocols for shared-key cryptography What is a blockcipher? } k } n } n { , { , { , It is a function E of parameters k and n that maps

  1. HOST Cryptography III ECE 525 AES Block Cipher Blockciphers are central tool in the design of protocols for shared-key cryptography What is a blockcipher? } k } n } n { , × { , → { , It is a function E of parameters k and n that maps 0 1 0 1 0 1 The function E takes two inputs, a k -bit string (key) and an n- bit string (plain- text), and returns an n -bit string (ciphertext) } k } n } n ∈ { , ( { , → { , ) For each key K 0 1 , we let E K : 0 1 0 1 be the function defined by E K ( M ) = E(K, M) For any blockcipher and any key K , it is required that the function E K be a permuta- tion on {0, 1} n (it is a bijection -- one-to-one and onto function) } n } n ∈ { , ∈ { , Bijection indicates that for every C 0 1 , there is exactly one M 0 1 such that E K ( M) = C ECE UNM 1 (1/18/18)

  2. HOST Cryptography III ECE 525 AES Block Cipher -1 , that also maps {0, 1} n to {0, 1} n with E K -1 ( E K ( M) E K has an inverse, denoted E K -1 ( E K ( C) = C for all M, C in {0, 1} n = M and E K } k } n } n We let E -1 : be defined by E -1 ( K, C ) = E K -1 ( C ) { , × { , → { , 0 1 0 1 0 1 This is the inverse blockcipher of E Properties: • The blockcipher E should be a publicly specified algorithm • Both the cipher E and its inverse E -1 should be easily computable In a typical use, a random key K is chosen and kept secret between a pair of users The function E K is used by both parties to process data to be exchanged We assume that the adversary will be able to obtain some input-output examples of E K , i.e., pairs of the form ( M,C ) where C = E K ( M ), but will not have the key K Therefore, goal of the adversary is to recover key K with the input/output examples ECE UNM 2 (1/18/18)

  3. HOST Cryptography III ECE 525 AES Block Cipher In 1998, NIST announced a competition for a new blockcipher to replace DES AES addresses short 2 56 key length, software speed, block size (64 ->128) of DES Fifteen algorithms were submitted to NIST, second round narrowed number of five -- in summer of 2001, NIST announced that algorithm called Rijndael won Authors are from Belgium, Joan Daemen and Vincent Rijmen function AES K (M) (K 0 , ..., K 10 ) <- expand(K) s <- M XOR K 0 for r = 1 to 10 do s’ <- SBOX(s) s* <- shift-rows(s’) if r <= 9 then s+ <- mix-cols(s*) else s+ <- s* fi s <- s+ XOR K r endfor return s ECE UNM 3 (1/18/18)

  4. HOST Cryptography III ECE 525 AES AES has a block length of n = 128 bits, and a key length k that is variable, 128, 192 or 256 bits AES can be explained in terms of four additional mappings: expand , SBOX , shift- rows and mix-cols Expand takes a 128-bit string and produces a vector of 11 keys (K 0 , ..., K 10 ) The other three functions bijectively map 128-bits to 128-bits AES consists of 10 rounds, each identical except for the K i used, and the omission of mix-cols in the 10th round The operations of SBOX and mix-cols involve arithmetic on bytes The arithmetic structure has all the properties necessary to be called a finite field See http://en.wikipedia.org/wiki/Advanced_Encryption_Standard ECE UNM 4 (1/18/18)

  5. HOST Cryptography III ECE 525 AES SBOX: Each input byte a i,j is replaced with SBOX ( a i,j ) using an 8-bit substitution box ({0, 1} 8 -> {0, 1} 8 ) Low order 4 bits High order 4 bits This operation provides the non-linearity in the cipher The SBOX is derived from the multiplicative inverse over GF(2 8 ), which is known to have good non-linearity properties ECE UNM 5 (1/18/18)

  6. HOST Cryptography III ECE 525 AES Shift-rows: takes the 16 bytes of SBOX, s 0 s 1 ...s 15 and makes a 4 x 4 table s 0 s 4 s 8 s 12 s 0 s 4 s 8 s 12 Rotate row 1 by 0 elements s 1 s 5 s 9 s 13 s 5 s 9 s 13 s 1 Rotate row 2 by 1 elements s 2 s 6 s 10 s 14 s 10 s 14 s 2 s 6 Rotate row 3 by 2 elements s 3 s 7 s 11 s 15 s 15 s 3 s 7 s 11 Rotate row 4 by 3 elements This step prevents the columns from being linearly independent , in which case, AES degenerates into four independent block ciphers Mix-cols : Here the resulting columns in the 4 x 4 table above are combined using an invertible linear transformation The MixColumns function takes four bytes as input and outputs four bytes, where each input byte affects all four output bytes ECE UNM 6 (1/18/18)

  7. HOST Cryptography III ECE 525 AES Together with ShiftRows, MixColumns provides diffusion in the cipher MixColumns multiplies each column by a fixed matrix: 2 3 1 1 1 2 3 1 1 1 2 3 3 1 1 2 Matrix multiplication is composed of multiplication and addition (XOR) of the entries with the multiplication operation defined as follows: Multiplication by 1 means no change Multiplication by 2 means shifting 1-bit to the left Multiplication by 3 means shifting 1-bit to the left and then performing XOR with the initial unshifted value After shifting, a conditional XOR with 0x1B should be performed if the shifted value is larger than 0xFF -- these are special cases of multiplication in GF(2 8 ) ECE UNM 7 (1/18/18)

  8. HOST Cryptography III ECE 525 AES In more general sense, each column is treated as a polynomial over GF(2 8 ): a(x) = a 3 x 3 + a 2 x 2 + a 1 x + a 0 And is then multiplied with a fixed polynomial: c(x) = {03} x 3 + {01} x 2 + {01} x + {02} And then taking the result modulo: x 4 + 1 AddRoundKey: the subkey is combined with the output of Mix-cols For each round, a subkey is derived from the main key using Rijndael’s key schedule s <- s+ XOR K r Next round ciphertext s is computed by bitwise XORing each byte of the Mix- cols output with the corresponding byte of the subkey Note that in the first round, the plaintext M and original key K 0 is used to com- pute s ECE UNM 8 (1/18/18)

  9. HOST Cryptography III ECE 525 SHA-3 Secure Hash Algorithm Block ciphers serve the confidentiality requirement of information security As we discussed earlier, authentication and data integrity are important orthoganol properties of information security Secure hash functions play a central role in serving these properties Similar to encryption, the NIST standard for secure hash has changed over time In 2006, NIST organized the NIST hash function competition for SHA-3 This was driven by concerns over the successful attacks on MD5 and SHA-0, and theoretical attacks on SHA-1 SHA-3 is designed to supplement SHA-2 (not replace it) 51 candidates entered the competition in 2008, 14 were selected in July 2009 and a final set of 5 candidates were selected in Dec. 2010 ECE UNM 9 (1/18/18)

  10. HOST Cryptography III ECE 525 Keccak Secure Hash Algorithm Keccak won the competition on Oct. 2012 Keccak is a cryptographic hash function designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche The SHA-3 standard was released by NIST on August 5, 2015 SHA-3 uses the sponge construction In the first phase, data is absorbed into the sponge, which is later squeezed out Absorbion involves XORing message blocks into the internal state , which is a large array of bits partitioned into 3 dimensions Row and column are always 5x5 in any version 4 The number of lanes can be configured as 3 1, 2, 4, 8, 16, 32, 64 row 2 n-1 1 Keccak-f[200] is the smallest version lanes 0 012 recommended, with lane size = 8 0 1 2 3 4 col ECE UNM 10 (1/18/18)

  11. HOST Cryptography III ECE 525 Keccak Secure Hash Algorithm keccak-f[200] has 200 bits of internal state 4 3 row 2 7 3456 1 lanes 0 012 0 1 2 3 4 col Keccak has two parameters, rate and capacity rate refers to the size of the message blocks while capacity is what remains With rate equal to 72, 200-72 = 128 bit capacity Capacity of 128 provides an equivalent security level of 64 bits The message of 72-bits is XOR’ed into the 0-state in round 1 Keccak-f[200] hashes this string with the state in 18 rounds ( Keccak-f[1600] has 24 rounds) ECE UNM 11 (1/18/18)

  12. HOST Cryptography III ECE 525 Keccak Secure Hash Algorithm Each round manipulates the state ( kstate ) using the the following datapath operations kstate (4)(4)(63) (0)(0)(0) round_in (0)(0) (0)(63) (4)(63) theta_out (0)(0)(0) rho_in rho_out pi_in pi_out chi_in chi_out round_constant itoa_in itoa_out round_out The algorithm is elegant and easily configured for different applications from high- security ( keccak-f[1600] ) to resource constrained ( keccak-f[200] ) ECE UNM 12 (1/18/18)

  13. HOST Cryptography III ECE 525 HMAC HMAC is a keyed-hash message authentication code (https://en.wikipedia.org/wiki/Hash-based_message_authentication_code) HMAC leverages a cryptographic hash function, e.g. SHA-3, and can be used to ver- ify data integrity and authenticity of a message Commonly used terms include HMAC-MD5 and HMAC-SHA1, which use MD5 and SHA-1 cryptographic hash functions Iterative hash functions, such as SHA-1, break the message into 512-bit blocks and compress the message into a smaller, e.g., 128-bit digest Data integrity and authenticity is accomplished by transmitting the message (encrypted or un-encrypted) and the digest to the receiver The receiver carries out the same process using her (shared) secret key on the received message to compute a second digest, which is compared with the received digest If the digests match, then the message is authentic ECE UNM 13 (1/18/18)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Problem 1 k zero bits n bits IV Block Block Block Block Cipher Cipher Cipher Cipher

Problem 1 k zero bits n bits IV Block Block Block Block Cipher Cipher Cipher Cipher

Problem 1 k zero bits n bits IV Block Block Block Block Cipher Cipher Cipher Cipher removed January 27, 2011 Practical Aspects of Modern Cryptography 2 Problem 1 IV Inverse Inverse Inverse Inverse Cipher Cipher Cipher Cipher

464 views • 20 slides
Block Cipher Modes of Operation Electronic Code Book Cipher Block Chaining Mode Cryptography

Block Cipher Modes of Operation Electronic Code Book Cipher Block Chaining Mode Cryptography

Cryptography Block Cipher Modes of Operation Block Ciphers with Multiple Blocks Block Cipher Modes of Operation Electronic Code Book Cipher Block Chaining Mode Cryptography Cipher Feedback Mode School of Engineering and Technology

428 views • 32 slides
HOST DES ECE 495/595 DES Block Cipher DES: A remarkable well-engineered algorithm, thats old

HOST DES ECE 495/595 DES Block Cipher DES: A remarkable well-engineered algorithm, thats old

HOST DES ECE 495/595 DES Block Cipher DES: A remarkable well-engineered algorithm, thats old but had a powerful influ- ence on cryptography (still used in ATM machines) In 1972, NBS (now NIST) solicited for an encryption algorithm -- IBM

320 views • 4 slides
Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn

Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn

CSS441 Block Cipher Operation Modes ECB Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn International Institute of Technology XTS-AES Thammasat University Prepared by Steven Gordon on 20

871 views • 32 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Cryptography Encryption and Attacks Encryption Building Blocks Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography Stream Cipher Design Principles Example: Brute School of Engineering and Technology

923 views • 51 slides
Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography

Cryptography Encryption and Attacks Encryption Building Blocks Encryption and Attacks Attacks on Encryption Block Cipher Design Principles Cryptography Stream Cipher Design Principles Example: Brute School of Engineering and Technology

681 views • 51 slides
Block ciphers What is a block cipher? Dan Boneh Block

Block ciphers What is a block cipher? Dan Boneh Block

Online Cryptography Course

1.24k views • 65 slides
B.c) DES W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.61 Remark There exist (2

B.c) DES W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.61 Remark There exist (2

1 B.c) DES W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.61 Remark There exist (2 n )! permutations {0,1} n {0,1} n . Clearly, | K | (2 n )! for any block cipher with block length n. In a true random block cipher

998 views • 58 slides
T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher

T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher

T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher confidentiality modes of operation Kaufman et al: Ch 4 Stallings: Ch 6, Ch 3 1 Stream ciphers Stream ciphers are generally faster than block

535 views • 12 slides
Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee ,

Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee ,

Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee , Byeonghak Lee KAIST Tweakable Block Cipher A tweakable block cipher accepts an additional input &quot;tweak - Tweaks are publicly used

519 views • 30 slides
Cryptography and Network Chapter 6 Block Cipher Operation Security Many savages at the present

Cryptography and Network Chapter 6 Block Cipher Operation Security Many savages at the present

4/19/2010 Cryptography and Network Chapter 6 Block Cipher Operation Security Many savages at the present day regard their Chapter 6 names as vital parts of themselves, and therefore take great pains to conceal their real f g p names, lest

336 views • 5 slides
CS 4803 A block cipher E is a collection of functions from n bits to n bits. Each function is

CS 4803 A block cipher E is a collection of functions from n bits to n bits. Each function is

Block ciphers Building blocks for symmetric cryptography. M EK C Examples: DES, 3DES, AES... CS 4803 A block cipher E is a collection of functions from n bits to n bits. Each function is fully specified by a k-bit key. Computer and

317 views • 4 slides
Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher

Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher

Cryptography Classical Ciphers Caesar Cipher Monoalphabetic Ciphers Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher Vernam Cipher School of Engineering and Technology One Time Pad CQUniversity

1.02k views • 64 slides
Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher

Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher

Cryptography Classical Ciphers Caesar Cipher Monoalphabetic Ciphers Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher Vernam Cipher One Time Pad School of Engineering and Technology CQUniversity

687 views • 64 slides
CS 241 Data Organization Ciphers March 22, 2018 Cipher In cryptography, a cipher (or

CS 241 Data Organization Ciphers March 22, 2018 Cipher In cryptography, a cipher (or

CS 241 Data Organization Ciphers March 22, 2018 Cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption. When using a cipher, the original information is known as plaintext , and the

449 views • 41 slides
LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me

LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me

LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me PhD student at Hasselt University since 2014 Since 2016 on FWO SBO research grant Researching wireless security Protocol security,

803 views • 57 slides
RC6The elegant AES choice Ron Rivest rivest@mit.edu Matt Robshaw mrobshaw@supanet.com Yiqun

RC6The elegant AES choice Ron Rivest rivest@mit.edu Matt Robshaw mrobshaw@supanet.com Yiqun

RC6The elegant AES choice Ron Rivest rivest@mit.edu Matt Robshaw mrobshaw@supanet.com Yiqun Lisa Yin yiqun@nttmcl.com RC6 is the right AES choice Security Performance Ease of implementation Simplicity Flexibility RC6 is

314 views • 15 slides
Objectives Introduction to Finite Fields AES Algorithm Sub Byte Shift row

Objectives Introduction to Finite Fields AES Algorithm Sub Byte Shift row

Modern Block Cipher Standards (AES) Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Introduction to Finite Fields AES

604 views • 31 slides
Using Linear Codes as a Fault Countermeasure for Non-Linear Operations : Application to AES and

Using Linear Codes as a Fault Countermeasure for Non-Linear Operations : Application to AES and

Using Linear Codes as a Fault Countermeasure for Non-Linear Operations : Application to AES and Formal Verification work co-funded by the PRINCE project Sabine Azzi, Bruno Barras, Maria Christofi , David Vigilant PROOFS workshop 2015, September

493 views • 45 slides
Kernel TLS and hardware TLS offload in FreeBSD 13 by Mellanox, Chelsio and Netflix Why crypto?

Kernel TLS and hardware TLS offload in FreeBSD 13 by Mellanox, Chelsio and Netflix Why crypto?

Kernel TLS and hardware TLS offload in FreeBSD 13 by Mellanox, Chelsio and Netflix Why crypto? Bob and Alice and the secret message Mathematical dependance on a relatively small pre-shared key When used right: Prevents

801 views • 30 slides
Getting started with ggplot2 STAT 133 Gaston Sanchez Department of Statistics, UCBerkeley

Getting started with ggplot2 STAT 133 Gaston Sanchez Department of Statistics, UCBerkeley

Getting started with ggplot2 STAT 133 Gaston Sanchez Department of Statistics, UCBerkeley gastonsanchez.com github.com/gastonstat/stat133 Course web: gastonsanchez.com/stat133 ggplot2 2 Resources for &quot;ggplot2&quot; Documentation:

1.27k views • 44 slides
Network Security Technology Project 1 Neng Li ln-fjpt@sjtu.edu.cn Part I 2 Implement the

Network Security Technology Project 1 Neng Li ln-fjpt@sjtu.edu.cn Part I 2 Implement the

Network Security Technology Project 1 Neng Li ln-fjpt@sjtu.edu.cn Part I 2 Implement the textbook RSA algorithm. The textbook RSA is essentially RSA without any padding. Part I 3 Goals Generate a random RSA key pair with a given

438 views • 18 slides
Talk Overview Introduction 1 Table-based 2 Vector-Permutation 3 Bitslice 4 Results and

Talk Overview Introduction 1 Table-based 2 Vector-Permutation 3 Bitslice 4 Results and

Implementing Lightweight Block Ciphers on x86 Architectures Ryad Benadjila 1 Jian Guo 2 e 1 Thomas Peyrin 2 Victor Lomn 1 ANSSI, France 2 NTU, Singapore SAC, August 15, 2013 Introduction Table-based Vector-Permutation Bitslice Results and

899 views • 43 slides

More recommend