introduction to symmetric cryptography
play

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 - PowerPoint PPT Presentation

Aug 22, 2022 •590 likes •877 views

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to Symmetric Cryptography What is cryptography? Cryptography is communication in the presence of an adversary Ron Rivest. Coding theory Detection and

  1. Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to Symmetric Cryptography

  2. What is cryptography? Cryptography is communication in the presence of an adversary Ron Rivest. Coding theory Detection and correction of random errors Cryptography Detection and protection of hostile “errors” L.R. Knudsen Introduction to Symmetric Cryptography

  3. What is cryptography about? Secrecy (confidentiality) Keeping things secret (data, communication, entity, etc.) Authentication Assurance about authenticity (of data, origin, entity, etc.) L.R. Knudsen Introduction to Symmetric Cryptography

  4. Symmetric encryption Classical encryption Secure channel %AC&@9^( Message Encryption Decryption Message L.R. Knudsen Introduction to Symmetric Cryptography

  5. Public-key encryption L.R. Knudsen Introduction to Symmetric Cryptography

  6. Public-key versus symmetric cryptosystems Advantages Disadvantages Symmetric fast systems secure key-exchange slow systems Public-key no secure key-exchange Hybrid encryption L.R. Knudsen Introduction to Symmetric Cryptography

  7. Introduction to symmetric cryptosystems Cryptosystem ( P , C , K , E , D ) P : set of plaintexts C : set of ciphertexts K : set of keys E : for k ∈ K : e k ( x ) encryption rule D : for k ∈ K : d k ( x ) decryption rule For every k ∈ K : it holds for all m that d k ( e k ( m )) = m L.R. Knudsen Introduction to Symmetric Cryptography

  8. Symmetric encryption Kerckhoffs’ principle Everything is known to an attacker except for the value of the secret key. Attack scenarios Ciphertext only Known plaintext Chosen plaintext/ciphertext Adaptive chosen plaintext/ciphertext (black-box) Typical goal High security even under black-box attack L.R. Knudsen Introduction to Symmetric Cryptography

  9. Claude E. Shannon, 1916-2001 Communication Theory of Secrecy Systems , published in 1949. Theory First person to establish a theory for provable security. Principles His ideas for building (symmetric) ciphers still used today. L.R. Knudsen Introduction to Symmetric Cryptography

  10. Shannon’s Theory Definition Perfect secrecy ⇐ ⇒ Pr P ( x | y ) = Pr P ( x ), ∀ x ∈ P , y ∈ C Fact A cryptosystem where |K| = |P| = |C| provides perfect secrecy if and only if 1 Pr K ( K ) = 1 |K| , ∀ K ∈ K 2 ∀ x ∈ P , y ∈ C , ∃ unique K such that e K ( x ) = y Example One-time pad: e K ( x 1 , . . . , x n ) = ( x 1 ⊕ k 1 , . . . , x n ⊕ k n ) All keys equally likely Each key used only once Key as long as plaintext and ciphertext L.R. Knudsen Introduction to Symmetric Cryptography

  11. Unicity distance Definition (Redundancy) R L : which percentage of a language L is redundant Example th weathr is nice 2d. R L for English is 75%. Definition (Unicity distance) minimum number of ciphertext blocks attacker needs in order to be able to uniquely identify secret key log 2 ( |K| ) t 0 ≃ R L log 2 ( |P| ) t 0 = min t : s.t. essentially only one value of the key could have encrypted c 1 , . . . , c t L.R. Knudsen Introduction to Symmetric Cryptography

  12. Unicity distance in known/chosen plaintext attack Question What is the unicity distance under a known plaintext attack ?? Assume that we are given t encryptions, that is, the plaintext blocks and the corresponding ciphertext blocks. Question - again How big does t have to be, before it is likely that only one value of the key could have encrypted the texts? t 1 = log 2 ( |K| ) log 2 ( |P| ) t 1 = min t : s.t. essentially only one value of the key could have encrypted m 1 to c 1 , m 2 to c 2 , . . . , m t to c t L.R. Knudsen Introduction to Symmetric Cryptography

  13. Shannon’s Principles Definition (Confusion) The ciphertext statistics should depend on the plaintext statistics in a manner too complicated to be exploited by the cryptanalyst Definition (Diffusion) Each digit of the plaintext and each digit of the secret key should influence many digits of the ciphertext Substitutions (confusion) Permutations (diffusion) Product = Substitution × Permutation Most popular symmetric ciphers are product ciphers L.R. Knudsen Introduction to Symmetric Cryptography

  14. Shannon’s Thoughts Question How can we be sure an attacker will require a large amount of work to break a non-perfect system with every method??? Hard to achieve! But we can at least Thoughts/ideas 1 make it secure against all known attacks, and/or 2 make it reducible to some known difficult problem 1 is what is done today in symmetric cryptography 2 is what is done today in public-key cryptography L.R. Knudsen Introduction to Symmetric Cryptography

  15. From classical crypto to modern crypto looking back.. (almost) all ciphers before 1920s very weak 1920s, rotor machines, mechanical crypto Enigma, Germany Sigaba, USA Typex, UK 1949, Shannon’s work 1970s, computers take over from rotor machines ciphers operate on long sequence of bits (bytes) L.R. Knudsen Introduction to Symmetric Cryptography

  16. Symmetric encryption today - two types Block cipher Operate on from 8 to 16 bytes typically No or small internal state Stream cipher Operate on from 1 bit to 4 bytes typically Internal state, can be big? L.R. Knudsen Introduction to Symmetric Cryptography

  17. Block ciphers Input block m , output block c , key k k e : { 0 , 1 } n × { 0 , 1 } κ → { 0 , 1 } n ❄ ✲ ✲ m e c given k easy to encrypt and decrypt given m , c hard to compute k , such that e k ( m ) = c one-way function: f ( k ) = e k ( m 0 ) for fixed m 0 L.R. Knudsen Introduction to Symmetric Cryptography

  18. Block ciphers Applications block encryption (symmetric) stream ciphers message authentication codes building block in hash functions one-way functions L.R. Knudsen Introduction to Symmetric Cryptography

  19. Block ciphers Block cipher, n -bit blocks, κ -bit key Family of 2 κ n -bit bijections How many n -bit bijections are there? 2 n ! ≃ (2 n − 1 ) 2 n Design dream/aim 2 κ bijections chosen uniformly at random from all 2 n ! bijections L.R. Knudsen Introduction to Symmetric Cryptography

  20. Famous block ciphers block size, n key size, κ year DES 64 56 1977 Kasumi 64 128 1999 AES 128 128, 192, 256 2000 Present 64 80, 128 2007 Ciphers pick only a tiny fraction of all possible n -bit bijections Unicity distance, known-plaintext attack? L.R. Knudsen Introduction to Symmetric Cryptography

  21. Iterated block ciphers (DES, AES, . . . ) k 1 k 2 k 3 kr ↓ ↓ ↓ ↓ m − → g − → g − → g − → · · · · · · − → g − → c plaintext m , ciphertext c , key k key-schedule: user-selected key k → k 0 , . . . , k r round function, g , weak by itself idea: g r , strong for “large” r L.R. Knudsen Introduction to Symmetric Cryptography

  22. DES Data Encryption Standard blocks: 64 bits, keys: 56 bits iterated cipher, 16 rounds developed in early 70’s by IBM using 17 man years evaluation by National Security Agency (US) 1977: publication of FIPS 46 (DES) 1991: differential cryptanalysis, 2 47 chosen plaintexts 1993: linear cryptanalysis, 2 45 known plaintexts 1999: world-wide effort to find one DES-key: 22 hours L.R. Knudsen Introduction to Symmetric Cryptography

  23. AES Advanced Encryption Standard blocks: 128 bits keys: choice of 128-bit, 192-bit, and 256-bit keys iterated cipher, 10, 12 or 14 iterations depending on key FIPS (US governmental) encryption standard open (world) competition announced January 97 October 2000: AES=Rijndael L.R. Knudsen Introduction to Symmetric Cryptography

  24. Cryptanalysis Assumption Assume cryptanalyst has access to black-box implementing the cipher with secret key k Aims of cryptanalyst find key k , or find ( m , c ) such that e k ( m ) = c for unknown k , or show non-random behaviour of the cipher L.R. Knudsen Introduction to Symmetric Cryptography

  25. Generic attacks. Block size n , key size κ Exhaustive key search try all keys, one by one ⌈ κ/ n ⌉ texts, time 2 κ , storage small Table attack store e k ( m 0 ) for all k storage 2 κ , time (of attack) small Trade-offs Hellman tradeoff, 2 2 κ/ 3 time, 2 2 κ/ 3 memory L.R. Knudsen Introduction to Symmetric Cryptography

  26. Generic attacks (continued) Dictionary and birthday attacks on block ciphers known plaintexts: Collect pairs ( m , c ) ciphertext-only: Collect ciphertexts, look for matches c i = c j . Example (CBC mode) 1 Collect 2 n / 2 ciphertext blocks 2 With 2 equal ciphertext blocks c i = c j ⇒ e k ( m i ⊕ c i − 1 ) = e k ( m j ⊕ c j − 1 ) ⇒ m i ⊕ m j = c i − 1 ⊕ c j − 1 (similar attacks for ECB and CFB) L.R. Knudsen Introduction to Symmetric Cryptography

  27. Short-cut attacks Success dependent on intrinsic properties of e ( · ) Differential cryptanalysis Linear cryptanalysis Higher-order differentials. Truncated differentials. Boomerang attack. Rectangle attack Integral attack. Related key attack. Interpolation attack Multiple linear cryptanalysis. Zero-correlation attack Side-channel cryptanalysis L.R. Knudsen Introduction to Symmetric Cryptography

  28. The Block Cipher Companion By Lars R. Knudsen and Matt Robshaw. Available online for free via Springer, hard copies also available from Springer, Amazon etc. L.R. Knudsen Introduction to Symmetric Cryptography

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric

CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric

CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric Cryptosystems Course Technicalities Renate Scheidler 1 Department of Mathematics & Statistics Overview of Cryptography 2 Department of Computer

222 views • 9 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security January 26, 2005 Lecture 5 Lecture 5 Page 1 Page 2 CS 239, Winter 2005 CS 239,

321 views • 13 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security February 5, 2003 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2003 CS 239,

263 views • 11 slides
Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world crypto and privacy Sibenik, Croatia - June 11 2018 Outline Introduction One Time pad - Stream Ciphers Block Ciphers -

1.17k views • 82 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
Session 2 Introduction to Cryptography and Symmetric Encryption Sbastien Combfis Fall 2019

Session 2 Introduction to Cryptography and Symmetric Encryption Sbastien Combfis Fall 2019

I5020 Computer Security Session 2 Introduction to Cryptography and Symmetric Encryption Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License.

1.25k views • 49 slides
Introduction to symmetric cryptography Joan Daemen Institute for Computing and Information

Introduction to symmetric cryptography Joan Daemen Institute for Computing and Information

Introduction to symmetric cryptography Joan Daemen Institute for Computing and Information Sciences Radboud University ibenik summer school 2016 Page 1 of 51 Joan Daemen ibenik summer school 2016 Symmetric Crypto Outline Security

1.38k views • 58 slides
Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein University of Illinois at Chicago, Technische Universiteit Eindhoven CHES 2012 paper Practical leakage-resilient symmetric cryptography (Faust,

669 views • 30 slides
Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System

Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System

Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System Symmetric Key System a shared symmetric key Examples: DES IDEA RC4 AES Examples: DES, IDEA, RC4, AES Asymmetric Key System y y y a pair

661 views • 38 slides
CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

527 views • 26 slides
Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens Hermans KU Leuven/COSIC Cryptology: basic principles Eve Alice Bob CRYP CRYP Clear Clear %^C& %^C& TOB TOB @&^( @&^(

1.32k views • 119 slides
Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key Cryptography Security Requirements Advantages Modes of Use Diffie-Hellman Key Exchange RSA Cryptosystem ElGamal

584 views • 32 slides
Introduction to Public-Key Cryptography Nadia Heninger University of Pennsylvania June 11, 2018

Introduction to Public-Key Cryptography Nadia Heninger University of Pennsylvania June 11, 2018

Introduction to Public-Key Cryptography Nadia Heninger University of Pennsylvania June 11, 2018 We stand today on the brink of a revolution in cryptography. Diffie and Hellman, 1976 Symmetric cryptography AES k ( m ) * Toy

935 views • 50 slides
Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko

Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko

Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko Chair, Symmetric-Key Cryptography Subcommittee (Science University of Tokyo) 1 Symmetric-Key Cryptography Subcommittee(2002) K.Araki (TIT)

998 views • 20 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
1 Confidentiality using Symmetric Encryption have two major placement alternatives link

1 Confidentiality using Symmetric Encryption have two major placement alternatives link

Information System Security Chapter 7 Confidentiality Using Symmetric Encryption Dr. Loai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Dr. Loai Tawalbeh Summer

698 views • 8 slides
Merton Partnership Doing Things Differently 21 January 2016 Adam Doyle, Chief Officer Hard

Merton Partnership Doing Things Differently 21 January 2016 Adam Doyle, Chief Officer Hard

Merton Partnership Doing Things Differently 21 January 2016 Adam Doyle, Chief Officer Hard Times Recognise the extremely difficult time the that all public services have had over the past few years and that the scale of savings

486 views • 10 slides
Digitized smart Logistics from Luxembourg June 2018 Cluster for Logistics Luxembourg A.s.b.l 1

Digitized smart Logistics from Luxembourg June 2018 Cluster for Logistics Luxembourg A.s.b.l 1

Digitized smart Logistics from Luxembourg June 2018 Cluster for Logistics Luxembourg A.s.b.l 1 90% World- Trade is sea freight but 19/07/2018 When location matters: EUROHUB Luxembourg 2 How to reliably serve locally & deliver last

2.05k views • 32 slides
First-class Synchronous Operations CML supports selective communication in a very general way,

First-class Synchronous Operations CML supports selective communication in a very general way,

First-class Synchronous Operations CML supports selective communication in a very general way, using first-class synchronous operations. The idea is to decouple the description of a synchronous operation from the act of synchronizing on it. 1

251 views • 6 slides
Non-Blocking Communications Deadlock 1 2 5 3 4 0 Communicator Completion The mode of

Non-Blocking Communications Deadlock 1 2 5 3 4 0 Communicator Completion The mode of

Non-Blocking Communications Deadlock 1 2 5 3 4 0 Communicator Completion The mode of a communication determines when its constituent operations complete. i.e. synchronous / asynchronous The form of an operation determines when

601 views • 21 slides
Abstractness of Continuation Semantics for Asynchronous Concurrency Gabriel Ciobanu, Eneia

Abstractness of Continuation Semantics for Asynchronous Concurrency Gabriel Ciobanu, Eneia

Introduction Continuations for Concurrency Weak Abstractness An Asynchronous Formalism Conclusion Abstractness of Continuation Semantics for Asynchronous Concurrency Gabriel Ciobanu, Eneia Nicolae Todoran A.I. Cuza University, Iasi,

479 views • 43 slides
INF5470 Fall 2010 Philipp Hfliger Lecture 5: Neuromorphic Communication Content The AER

INF5470 Fall 2010 Philipp Hfliger Lecture 5: Neuromorphic Communication Content The AER

INF5470 Fall 2010 Philipp Hfliger Lecture 5: Neuromorphic Communication Content The AER protocol Collision Handling Serial AER Lecture 5: Neuromorphic Communication 2 Content The AER protocol Collision Handling Serial AER Lecture

664 views • 13 slides

More recommend