introduction to symmetric cryptography
play

Introduction to symmetric cryptography Joan Daemen Institute for - PowerPoint PPT Presentation

Dec 08, 2023 •790 likes •1.38k views

Introduction to symmetric cryptography Joan Daemen Institute for Computing and Information Sciences Radboud University ibenik summer school 2016 Page 1 of 51 Joan Daemen ibenik summer school 2016 Symmetric Crypto Outline Security

  1. Introduction to symmetric cryptography Joan Daemen Institute for Computing and Information Sciences Radboud University Šibenik summer school 2016 Page 1 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto

  2. Outline Security services Stream encryption Authentication and authenticated encryption Building schemes with modes Building the primitives Example: Noekeon Page 2 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto

  3. Currently we are here... Security services Stream encryption Authentication and authenticated encryption Building schemes with modes Building the primitives Example: Noekeon

  4. Confidentiality To protect: ◮ • people’s privacy • company assets • enforcing business: no pay, no content • meta: PIN, password, cryptographic keys Data confidentiality ◮ • only authorised entities get access to the data • cryptographic operation: encryption Protection against traffic analysis ◮ • existence of communication between parties • frequency and statistics of communication • called metadata • no direct link with a basic cryptographic operation Page 3 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Security services

  5. Data integrity and authentication Basic concepts: ◮ • data integrity: was not modified without proper authorization • entity authentication: entity is what it claims to be • data origin authentication: data received as it was sent • symmetric crypto operation: message authentication codes Freshness: ◮ • entity is there now • received message was written recently • mechanism: unpredictable challenge Protection against replay: ◮ • authenticated message was not just a copy of an earlier one • mechanism: nonce Page 4 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Security services

  6. Secure channel cryptographically secured link between two entities ◮ data confidentiality and data origin authentication ◮ session-level authentication, protection against ◮ • insertion of messages • removal of messages shuffling of messages • can be one-directional or full-duplex ◮ can be online or store-and-forward ◮ can require freshness or just protection against replay ◮ examples: SSH, TLS, GP SCP03, . . . ◮ Page 5 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Security services

  7. Symmetric cryptography operations Core business ◮ • encryption • MAC computation • authenticated encryption (including sessions) Requires secret key shared between sender and receiver ◮ key generation requires qualitative random generator • • key transfer between entities may require other keys • a lot can go wrong here! On the side ◮ • cryptographic hashing • deterministic random bit generation (DRBG), . . . Page 6 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Security services

  8. Currently we are here... Security services Stream encryption Authentication and authenticated encryption Building schemes with modes Building the primitives Example: Noekeon

  9. Encryption: one-time pad Let P be a plaintext of n bits: P 1 to P n ◮ Assume Z is a shared secret of n bits: Z 1 to Z n ◮ Encryption to n -bit cryptogram C ◮ • ∀ i : C i = P i + Z i Decryption back to P ◮ • ∀ i : P i = C i + Z i Advantages ◮ • no expansion • very efficient • provably secure in information-theoretical sense! Disadvantage: requires 1 fresh secret bit per message bit encrypted ◮ Page 7 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Stream encryption

  10. Stream cipher Generates arbitrary-length keystream Z from ◮ • K : short secret key, typically 128 or 256 bits • IV : initial value, for generating multiple keystreams per K Desired properties ◮ • knowing K : computing Z = SC [ K ]( IV ) shall be efficient • not knowing K : predicting Z shall be infeasible for any IV Page 8 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Stream encryption

  11. Random oracle RO [Bellare-Rogaway 1993] A random oracle RO maps: ◮ • input of arbitrary length P • to an infinite output string Z RO supports queries of following type: ( P , ℓ ) ◮ • P : input ℓ : requested number of output bits • Response Z ◮ • string of ℓ bits • independently and uniformly distributed bits • self-consistent: equal inputs P give matching outputs Page 9 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Stream encryption

  12. Security notion: Pseudorandom function (PRF) Distinguishing game (black box version) Adversary sends queries Q to system that is either: ◮ • stream cipher with unknown key K • RO Then based on responses Z must guess what system is ◮ • Pr ( success ) ≤ F ( | Q | ) : some bound on success probability • Advantage: Adv = 2 Pr ( success ) − 1 Page 10 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Stream encryption

  13. Security notion: PRF (cont’d) Black box fails to model public concrete stream cipher ◮ We give additional query access to internal functions ◮ We model query complexity in two parts: ◮ • M : online complexity, represents data • N : offline complexity, represents computation and storage We express Advantage as Adv ( M , N ) ◮ Page 11 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Stream encryption

  14. Implications of PRF property Informally: a function is a PRF if the advantage is negligible ◮ What really matters is the concrete bound ◮ A bound Adv ( M , N ) for stream cipher implies: ◮ • any adversary with resources M and N • will not learn anything about plaintext from ciphertext with probability 1 − Adv ( M , N ) . • but for concrete schemes we cannot prove such bounds! ◮ Page 12 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Stream encryption

  15. Security claim Lack of proof leaves following questions on a concrete scheme: ◮ • what kind of security does it offer? • when does a demonstrated property break it? Addressed by a security claim ◮ • statement on expected security of a cryptographic scheme bound on distinguishing advantage from ideal scheme • For cryptanalysts: challenge ◮ • break: attack performing better than the claim For users: security specification ◮ • . . . as long as it is not broken Often claims are missing but implied by size parameters ◮ Page 13 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Stream encryption

  16. How concrete schemes gain assurance The (open) cryptologic activity (70s - today): ◮ • cryptographic schemes are published • . . . and (academically) attacked by cryptanalysts • . . . and corrected/improved, • . . . and attacked again, etc. by researchers for prestige/career • This leads to ◮ • better understanding • ever improving cryptographic schemes Trust in cryptographic scheme depends on ◮ • perceived simplicity • perceived amount of analytic effort invested in it Page 14 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Stream encryption

  17. Security strength Security strength of a cryptographic scheme ◮ • expected effort required to break it • expressed in bits s bits means best attack has expected complexity 2 s • Link with bound on distinguishing advantage ◮ amount of data and/or computation such that Adv becomes • significant • kind of coarse Current view on computational complexity ◮ • 80 bits: lightweight • 96 bits: solid • 128 bits: secure for the foreseable future • 256 bits: for the clueless See www.keylength.com Page 15 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Stream encryption

  18. Limit to security strength: exhaustive key search Single-target: attacker gets couple ( IV , Z = SC [ K ]( IV )) ◮ attacker tries guesses K ′ until SC [ K ′ ]( IV ) = Z • expected effort 2 k − 1 , so strength k − 1 bits • • Implicit security claim: no attack better than this Multi-target: attacker gets m couples ( IV , Z i = SC [ K i ]( IV )) ◮ attacker tries guesses K ′ until ∃ K i , SC [ K ′ ]( IV ) = Z i • every key guess has success probability m / 2 k • expected effort 2 k / ( m + 1 ) , so strength ≈ k − log 2 ( m ) • key length does not equal security strength! ◮ • security erosion in case of multi-target • can be prevented by making IV global nonce Page 16 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Stream encryption

  19. Currently we are here... Security services Stream encryption Authentication and authenticated encryption Building schemes with modes Building the primitives Example: Noekeon

  20. Message authentication code (MAC) functions Generates short tag T from ◮ • K : short secret key, typically 128 or 256 bits • M : arbitrary-length message Desired properties (informally) ◮ • knowing K : computing T = MF [ K ]( M ) shall be efficient • not knowing K : predicting T for any M shall be infeasible Page 17 of 51 Joan Daemen Šibenik summer school 2016 Symmetric Crypto Authentication and authenticated encryption

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to Symmetric Cryptography What is cryptography? Cryptography is communication in the presence of an adversary Ron Rivest. Coding theory Detection and

877 views • 28 slides
CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric

CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric

CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric Cryptosystems Course Technicalities Renate Scheidler 1 Department of Mathematics & Statistics Overview of Cryptography 2 Department of Computer

222 views • 9 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security January 26, 2005 Lecture 5 Lecture 5 Page 1 Page 2 CS 239, Winter 2005 CS 239,

321 views • 13 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security February 5, 2003 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2003 CS 239,

263 views • 11 slides
Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world crypto and privacy Sibenik, Croatia - June 11 2018 Outline Introduction One Time pad - Stream Ciphers Block Ciphers -

1.17k views • 82 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
Session 2 Introduction to Cryptography and Symmetric Encryption Sbastien Combfis Fall 2019

Session 2 Introduction to Cryptography and Symmetric Encryption Sbastien Combfis Fall 2019

I5020 Computer Security Session 2 Introduction to Cryptography and Symmetric Encryption Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License.

1.25k views • 49 slides
Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein University of Illinois at Chicago, Technische Universiteit Eindhoven CHES 2012 paper Practical leakage-resilient symmetric cryptography (Faust,

669 views • 30 slides
Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System

Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System

Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System Symmetric Key System a shared symmetric key Examples: DES IDEA RC4 AES Examples: DES, IDEA, RC4, AES Asymmetric Key System y y y a pair

661 views • 38 slides
CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

527 views • 26 slides
Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens Hermans KU Leuven/COSIC Cryptology: basic principles Eve Alice Bob CRYP CRYP Clear Clear %^C& %^C& TOB TOB @&^( @&^(

1.32k views • 119 slides
Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key Cryptography Security Requirements Advantages Modes of Use Diffie-Hellman Key Exchange RSA Cryptosystem ElGamal

584 views • 32 slides
Introduction to Public-Key Cryptography Nadia Heninger University of Pennsylvania June 11, 2018

Introduction to Public-Key Cryptography Nadia Heninger University of Pennsylvania June 11, 2018

Introduction to Public-Key Cryptography Nadia Heninger University of Pennsylvania June 11, 2018 We stand today on the brink of a revolution in cryptography. Diffie and Hellman, 1976 Symmetric cryptography AES k ( m ) * Toy

935 views • 50 slides
Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko

Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko

Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko Chair, Symmetric-Key Cryptography Subcommittee (Science University of Tokyo) 1 Symmetric-Key Cryptography Subcommittee(2002) K.Araki (TIT)

998 views • 20 slides
Chapter 15 Computer Security By Shengquan Wang in CPSC 410 Thank Dr. Xinwen Fu for contributing

Chapter 15 Computer Security By Shengquan Wang in CPSC 410 Thank Dr. Xinwen Fu for contributing

Chapter 15 Computer Security By Shengquan Wang in CPSC 410 Thank Dr. Xinwen Fu for contributing Slides 1-16, 19. Thank Dr. Xinwen Fu for contributing Slides 1-16, 19. The rest of them are adopted from the textbook slides The rest of them are

657 views • 16 slides
Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography

Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography

06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 15 November, 2012 Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography Diffie-Hellman Key

207 views • 8 slides
Rings and Modules for Identity-Based Post-Quantum Public-Key Cryptography BASED ON THE PAPER

Rings and Modules for Identity-Based Post-Quantum Public-Key Cryptography BASED ON THE PAPER

Rings and Modules for Identity-Based Post-Quantum Public-Key Cryptography BASED ON THE PAPER EPRINT.IACR.ORG/2014/794 BY DUCAS, LYUBASHEVSKY, AND PREST 2016-09-21, Royal Holloway, Egham OFFICIAL Public Key Cryptography (PKC) Also called

403 views • 26 slides
I mport ance of Net work Securit y? Think about The most pr ivat e, embar r assing

I mport ance of Net work Securit y? Think about The most pr ivat e, embar r assing

I mport ance of Net work Securit y? Think about The most pr ivat e, embar r assing or valuable 15: piece of inf or mat ion youve ever st or ed on a comput er Net work Securit y Basics How much you r ely on comput er

566 views • 7 slides
Hierarchical Approach in RNS Base Extension for Asymmetric Cryptography Libey Djath 1 , Karim

Hierarchical Approach in RNS Base Extension for Asymmetric Cryptography Libey Djath 1 , Karim

Hierarchical Approach in RNS Base Extension for Asymmetric Cryptography Libey Djath 1 , Karim Bigou 1 , Arnaud Tisserand 2 1 Universit e de Bretagne Occidentale / Lab-STICC, UMR CNRS 6285 2 CNRS / Lab-STICC, UMR 6285 ARITH-26, 10-12 June 2019,

529 views • 23 slides
Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network

Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network

Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network Access Security Goal: Confidentiality q Suppose you are a customer using a credit card to order an item from a website q Threat: - An adversary may

305 views • 27 slides
Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

779 views • 47 slides
Defending Against the Sneakers Scenario Bryan Sullivan, Security Program Manager, Microsoft SDL

Defending Against the Sneakers Scenario Bryan Sullivan, Security Program Manager, Microsoft SDL

Defending Against the Sneakers Scenario Bryan Sullivan, Security Program Manager, Microsoft SDL Crypto systems get broken eh vxuh wr gulqn brxu rydowlqh be sure to drink your ovaltine Why assume that current algorithms really are unbreakable,

656 views • 64 slides

More recommend