outline
play

Outline Arithmetic on Bytes and 4-Byte Vectors 1 CPSC 418/MATH 318 - PowerPoint PPT Presentation

Feb 01, 2023 •328 likes •425 views

Outline Arithmetic on Bytes and 4-Byte Vectors 1 CPSC 418/MATH 318 Introduction to Cryptography The Rijndael Algorithm 2 Advanced Encryption Standard, Brute Force Attacks on Block Ciphers Overview Description of the Algorithm Renate

  1. Outline Arithmetic on Bytes and 4-Byte Vectors 1 CPSC 418/MATH 318 Introduction to Cryptography The Rijndael Algorithm 2 Advanced Encryption Standard, Brute Force Attacks on Block Ciphers Overview Description of the Algorithm Renate Scheidler AES Key Schedule and Decryption 3 Key Schedule Department of Mathematics & Statistics Decryption Department of Computer Science University of Calgary Strengths and Weaknesses of Rijndael 4 Week 4 Exhaustive Attacks on Block Ciphers 5 Simple Exhaustive Key Search Meet-in-the-Middle (Double Encryption) Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 1 / 34 Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 2 / 34 Arithmetic on Bytes and 4-Byte Vectors Arithmetic on Bytes and 4-Byte Vectors Arithmetic on Bytes Addition of Bytes in Rijndael Consider a byte b = ( b 7 , b 6 , . . . , b 1 , b 0 ) (an 8-bit vector) as a polynomial with coefficients in { 0 , 1 } : Polynomial addition by taking X-OR of coefficients. b �→ b ( x ) = b 7 x 7 + b 6 x 6 + · · · + b 1 x + b 0 . b 7 x 7 b 6 x 6 + + · · · + b 1 x + b 0 c 7 x 7 c 6 x 6 + + + · · · + + c 1 x c 0 Rijndael makes use of the following operations on bytes, interpreting them ( b 7 ⊕ c 7 ) x 7 ( b 6 ⊕ c 6 ) x 6 as polynomials: + + · · · + ( b 1 ⊕ c 1 ) x + ( b 0 ⊕ c 0 ) 1 Addition The sum of two polynomials taken in this manner yields another 2 Modular multiplication polynomial of degree ≤ 7 . 3 Inversion In other words, component-wise X-OR of bytes is identified with this Under these operations, polynomials of degree ≤ 7 with coefficients in addition operation on polynomials. { 0 , 1 } form the field GF (2 8 ). By associating bytes with these polynomials, we obtain these operations on bytes. Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 3 / 34 Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 4 / 34

  2. Arithmetic on Bytes and 4-Byte Vectors Arithmetic on Bytes and 4-Byte Vectors Modular Multiplication in Rijndael Inversion of Bytes in Rijndael Polynomial multiplication (coefficients are in { 0 , 1 } ) modulo b ( x ) − 1 , the inverse of b ( x ) = b 7 x 7 + b 6 x 6 + · · · + b 1 x + b 0 , is the m ( x ) = x 8 + x 4 + x 3 + x + 1 polynomial of degree ≤ 7 with coefficients in { 0 , 1 } such that (remainder when dividing by m ( x ), analogous to modulo arithmetic with b ( x ) b ( x ) − 1 ≡ 1 (mod m ( x )) . integers). Note that this is completely analogous to the case of integer arithmetic The remainder when dividing by a degree 8 polynomial will have degree modulo n . ≤ 7 . Thus, the “product” of two bytes is associated with the product of their polynomial equivalents modulo m ( x ) . The “inverse” of the byte b = ( b 7 , b 6 , . . . , b 1 , b 0 ) is the byte associated with the inverse of b ( x ) = b 7 x 7 + b 6 x 6 + · · · + b 1 x + b 0 . Note 1 m ( x ) is the lexicographically first polynomial that is irreducible over Rijndael uses inverse as above in its SubByte operation. GF (2), i.e. does not split into two polynomials of smaller positive degree with coefficients in { 0 , 1 } . Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 5 / 34 Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 6 / 34 Arithmetic on Bytes and 4-Byte Vectors Arithmetic on Bytes and 4-Byte Vectors Arithmetic on 4-byte Vectors Operations on 4-byte Vectors We have the following operations on these polynomials: 1 addition: component-wise “addition” of coefficients (addition as In Rijndael’s MixColumn operation, 4-byte vectors are considered as degree 3 polynomials with coefficients in GF (2 8 ) . That is, the 4-byte described above) vector ( a 3 , a 2 , a 1 , a 0 ) is associated with the polynomial 2 multiplication: polynomial multiplication (addition and multiplication of coefficients as described above) modulo M ( y ) = y 4 + 1 . Result is a a ( y ) = a 3 y 3 + a 2 y 2 + a 1 y + a 0 , degree 3 polynomial with coefficients in GF (2 8 ) . where each coefficient is a byte viewed as an element of GF (2 8 ) (addition, multiplication, and inversion of the coefficients is performed as described Note 2 above). Using M ( y ) = y 4 + 1 makes for very efficient arithmetic (simple circular shifts) Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 7 / 34 Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 8 / 34

  3. SubByte s AddRoundKey MixColumn s ShiftRow s Arithmetic on Bytes and 4-Byte Vectors The Rijndael Algorithm Overview Examples for Rijndael Arithmetic Rijndael Properties Example 1 Designed for block sizes and key lengths to be any multiple of 32 , Let b 1 = (10001110) and b 2 = (00001101) be bytes. Compute including those specified in the AES. b 3 = b 1 + b 2 and b 4 = b 1 b 2 in the Rijndael field GF(2 8 ). Iterated cipher: number of rounds N r depends on the key length. 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for Example 2 256-bit keys. Let Algorithm operates on a 4 × 4 array of bytes (8 bit vectors) called the a 1 = (00000001 , 00000000 , 10001110 , 00000010) and state : a 2 = (00000000 , 00000001 , 00001101 , 00000000) s 0 , 0 s 0 , 1 s 0 , 2 s 0 , 3 s 1 , 0 s 1 , 1 s 1 , 2 s 1 , 3 be vectors whose entries are bytes in the Rijndael field GF(2 8 ). Compute s 2 , 0 s 2 , 1 s 2 , 2 s 2 , 3 a 3 = a 1 + a 2 and a 4 = a 1 a 2 using Rijndael’s arithmetic on 4-byte vectors. s 3 , 0 s 3 , 1 s 3 , 2 s 3 , 3 See the Rijndael arithmetic examples handout on the “handouts” page. Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 9 / 34 Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 10 / 34 The Rijndael Algorithm Overview The Rijndael Algorithm Overview AES Initialization AES Overview The Rijndael algorithm (given plaintext M ) proceeds as follows: 1 Initialize State with M : s 0 , 0 s 0 , 1 s 0 , 2 s 0 , 3 m 0 m 4 m 8 m 12 s 1 , 0 s 1 , 1 s 1 , 2 s 1 , 3 m 1 m 5 m 9 m 13 ← s 2 , 0 s 2 , 1 s 2 , 2 s 2 , 3 m 2 m 6 m 10 m 14 s 3 , 0 s 3 , 1 s 3 , 2 s 3 , 3 m 3 m 7 m 11 m 15 where M consists of the 16 bytes m 0 , m 1 , . . . , m 15 . Graphic taken with modifications from the cover of NIST GCR 18-017 “The Economic Impacts of the Advanced Encryption Standard, 1996-2017” (NIST, September 2018) Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 11 / 34 Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 12 / 34

  4. The Rijndael Algorithm Overview The Rijndael Algorithm Description of the Algorithm AES Algorithm The SubBytes Operation Each byte of State is substituted independently, using an invertible S-box On input the State whose columns are the 16 message bytes: (see p. 16 of FIPS 197 for the exact S-Box). 2 Perform AddRoundKey , which X-OR’s the first RoundKey with State . Algebraically, SubBytes performs on each byte: 3 For each of the first N r − 1 rounds: an inversion as described above (the inverse of the zero byte is Perform SubBytes on State (using an S-box on each byte of State ), defined to be zero here), followed by Perform ShiftRows (a permutation) on State , an affine transformation, i.e. a linear transformation (like in linear Perform MixColumns (a linear transformation) on State , algebra) followed by the addition of a fixed vector. More exactly, the Perform AddRoundKey . 4 For the last round: i -th bit of the output byte is Perform SubBytes , b ′ i = b i ⊕ b i +4 mod 8 ⊕ b i +5 mod 8 ⊕ b i +6 mod 8 ⊕ b i +7 mod 8 ⊕ c i Perform ShiftRows , Perform AddRoundKey . where b i is the i -th input bit and c i is the i th -th bit of 5 Define the ciphertext C to be State (using the same byte ordering). c = (11000110) . Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 13 / 34 Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 14 / 34 The Rijndael Algorithm Description of the Algorithm The Rijndael Algorithm Description of the Algorithm Inverse of SubBytes The ShiftRows Operation Shifts the first, second, third, and last rows of State by 0 , 1 , 2 , or 3 cells to the left, respectively: The inverse of SubBytes (called InvSubBytes ) applies the inverse S-box to each byte in the State (see p. 22 of FIPS 197 for the inverse of s 0 , 0 s 0 , 1 s 0 , 2 s 0 , 3 s 0 , 0 s 0 , 1 s 0 , 2 s 0 , 3 the S-Box). s 1 , 0 s 1 , 1 s 1 , 2 s 1 , 3 s 1 , 1 s 1 , 2 s 1 , 3 s 1 , 0 ← s 2 , 0 s 2 , 1 s 2 , 2 s 2 , 3 s 2 , 2 s 2 , 3 s 2 , 0 s 2 , 1 Algebraically, you first apply the inverse affine transformation to each bit s 3 , 0 s 3 , 1 s 3 , 2 s 3 , 3 s 3 , 3 s 3 , 0 s 3 , 1 s 3 , 2 and then byte inversion. The inverse operation InvShiftRows applies right shifts instead of left shifts. Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 15 / 34 Renate Scheidler (University of Calgary) CPSC 418/MATH 318 Week 4 16 / 34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline

Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline

An automatic mammogram system: from screening to diagnosis Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Pectoral muscle

589 views • 45 slides
Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in

Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in

Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in preparing for your presentation; this outline is required. Title: I. Introduction (The speech actually starts here.) A. Attention Getter:

479 views • 3 slides
PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline

PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline

PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline to organize your argument to create a logical flow of information and plan your presentation layout. This outline is worth a group grade (one copy

506 views • 3 slides
1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a

1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a

1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a line that is drawn around elements, OUTSIDE the borders, to make the element "stand out". CSS has the following outline properties:

1.76k views • 117 slides
Outline Outline Background of the Network Vision Vision Aims Activities

Outline Outline Background of the Network Vision Vision Aims Activities

Asia Pacific Adaptation Network (APAN)- A k A key regional Initiative i l I iti ti Puja Sawhney Coordinator, APAN , Institute for Global Environmental Strategies Thimpu, Bhutan p 16 th November, 2011 Outline Outline Background of the

441 views • 9 slides
When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really

When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really

When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters Yogesh K. Ramadass, AnanthaGroup Microsystems Technology Laboratory Outline Outline Outline Outline

507 views • 36 slides
Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR

Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR

Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR personal presentation so you can create it however you want. These are just suggestions to help you get started. The purpose is to educate your

618 views • 3 slides
Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation

Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation

ZSim Tutorial MICRO 2015 S TATS AND C ONFIGURATION Core Models Po-An Tsai Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation techniques ZSim core structure I1D I1I Simple IPC 1 core

1.96k views • 120 slides
Outline Outline Motivation Motivation 1 1. Email Speech Acts 2. Modeling textual intention

Outline Outline Motivation Motivation 1 1. Email Speech Acts 2. Modeling textual intention

Modeling Intention in Email : Speech Acts, Information Leaks and User Ranking Methods p g Vitor R. Carvalho Carnegie Mellon University William Cohen Ramnath a at Tom Tom Jon Jon Balasubramanyan Mitchell Elsas Outline Outline

1.09k views • 65 slides
Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C programming (close to the machine) storage and processing of data Linux operating system control of robots Demo Course Web site

780 views • 9 slides
Outline : Outline : Our method to perform periodicity search Candidates of the next Geminga The

Outline : Outline : Our method to perform periodicity search Candidates of the next Geminga The

Periodicity Sear Periodicity Search of ch of the the Geming Geminga-lik -like Pulsar e Pulsars Lupin Chun-Che Lin () Institute of Astronomy, National Central University, Taiwan Outline : Outline : Our method to perform periodicity

654 views • 19 slides
Outline for St Outline for St Outline for

Outline for St Outline for St Outline for

Outline for St Outline for St Outline for St Outline for St Francis Participation Francis Participation Francis Participation Francis Participation St Francis Overview Current Work on

120 views • 10 slides
RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa

RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa

RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa RDFa RDFa RDFa RDFa: A collection of attributes and processing p g rules for extending XHTML to support RDF. HTML contains structured data,

768 views • 37 slides
Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This

Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This

Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This is a suggested outline only. Students should work closely with their Faculty Advisors to adapt this format the presentation to the needs of the

418 views • 4 slides
1 Course Outline Course Outline Course Outline Course Outline 3D Graphics Pipeline 3D

1 Course Outline Course Outline Course Outline Course Outline 3D Graphics Pipeline 3D

Goals Goals Foundations of Computer Graphics Foundations of Computer Graphics Systems: Write complex 3D graphics programs (Spring 2010) (Spring 2010) (real-time in OpenGL, offline raytracer, animation) CS 184, Lecture 1: Overview and

176 views • 5 slides
Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

Sophak PHOEUN, National DRR Forum Coordinat or & Executive Assistant to Vice President of NCDM , National Committee for Disaster Management. Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

346 views • 15 slides
Lecture 3 Encryption Suggested Readings: Chs 3 & 4 in KPS (recommended) Ch 3 in

Lecture 3 Encryption Suggested Readings: Chs 3 & 4 in KPS (recommended) Ch 3 in

Lecture 3 Encryption Suggested Readings: Chs 3 & 4 in KPS (recommended) Ch 3 in Stinson (optional) 1 Encryp Enc yption n Princ ncipl ples A cryptosystem has (at least) five ingredients: Plaintext Secret Key

945 views • 70 slides
Kryptographie Advanced Encryption Standard Uwe Egly Vienna University of Technology Institute

Kryptographie Advanced Encryption Standard Uwe Egly Vienna University of Technology Institute

Kryptographie Advanced Encryption Standard Uwe Egly Vienna University of Technology Institute of Information Systems Knowledge-Based Systems Group 1 / 23 History Due to severe problems, DES, 3DES had to be replaced 1997: NIST

523 views • 23 slides
Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption Standard AES - Advanced Encryption Standard US governmental encryption standard Open (world) competition announced January 97 Blocks: 128 bits Keys:

403 views • 39 slides
Chapter 5: Advanced Encryption Standard (AES) Dr. Loai Tawalbeh Computer Engineering

Chapter 5: Advanced Encryption Standard (AES) Dr. Loai Tawalbeh Computer Engineering

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 5: Advanced Encryption Standard (AES) Dr. Loai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Dr. Loai Tawalbeh Fall 2005 History

323 views • 8 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation Introduction to Computer Security Announcements Cryptography, symmetric and public-key Hash functions and MACs Stephen McCamant Building a secure

440 views • 11 slides
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Lecture 4 Page 1 CS 236 Online Cryptography and Secrecy Pretty obvious Only those knowing the

303 views • 15 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 07: Several One-Key Block Ciphers Outline of this Lecture One-key

622 views • 24 slides

More recommend