symmetric key ciphers
play

Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor - PDF document

Mar 25, 2023 •203 likes •452 views

Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Definition of Symmetric Types of Symmetric Key ciphers

  1. Symmetric Key Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives • Definition of Symmetric Types of Symmetric Key ciphers – Modern Block Ciphers • Full Size and Partial Size Key Ciphers • Components of a Modern Block Cipher – PBox (Permutation Box) – SBox (Substitution Box) – Swap – Properties of the Exclusive OR operation • Diffusion and Confusion • Types of Block Ciphers: Feistel and non-Feistel ciphers D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 1

  2. Symmetric Key Setting Communication Message Message Channel E D K a K b Bob Alice Assumptions Eve K a is the encryption key, K b is the decryption key. For symmetric key ciphers, K a =K b - Only Alice and Bob knows K a (or K b ) - Eve has access to E, D and the Communication Channel but does not know the key K a (or K b ) Types of symmetric key ciphers • Block Ciphers: Symmetric key ciphers, where a block of data is encrypted • Stream Ciphers: Symmetric key ciphers, where block size=1 D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 2

  3. Block Ciphers Block Cipher • A symmetric key modern cipher encrypts an n bit block of plaintext or decrypts an n bit block of ciphertext. • Padding: – If the message has fewer than n bits, padding must be done to make it n bits. – If the message size is not a multiple of n, then it should be divided into n bit blocks and the last block should be padded. D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 3

  4. Full Size Key Ciphers • Transposition Ciphers: – Involves rearrangement of bits, without changing value. – Consider an n bit cipher – How many such rearrangements are possible? • n! – How many key bits are necessary? • ceil[log 2 (n!)] Full Size Key Ciphers • Substitution Ciphers: – It does not transpose bits, but substitutes values – Can we model this as a permutation? – Yes. The n bit inputs and outputs can be represented as 2 n bit sequences, with one 1 and the rest 0’s. This can be thus modeled as a transposition. – Thus it is a permutation of 2 n values, thus needs ceil[log 2 (2 n !)] bits. D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 4

  5. Examples • Consider a 3-bit block ciphers. How many bits are needed for the full-size key? – Transposition cipher: ceil(log 2 6)=3 bits. – Substitution cipher: • There are 8!=40,320 possible substitutions • Thus there are ceil(log 2 (40,320))=16 bits – Lots of unused key. Permutation Group • The fact that the full-size key transposition or substitution cipher is a permutation shows cascading is not of use. • This is because permutation forms a group under the composition operation. • Multiple applications of the ciphers has the same effect as a single application of the transformation. D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 5

  6. Partial-Size Key Ciphers • Actual ciphers cannot use full size keys, as the size is large. • Block ciphers are substitution ciphers (and not transpositions). Why? • Consider DES, with 64 bit block cipher. – Size of full key= ceil(log 2 (2 64 !)) ≈ 2 70 – Much large compared to 56 bits which is actually used. Is the partial-key cipher a group? • Important, because if yes then again multiple applications of the cipher is useless. • A partial-key cipher is a group if it is a subgroup of the corresponding full key cipher. • It has been proved that the multi-stage DES with a 56 bit key is not a group because no subgroup with 2 56 mappings can be created from the corresponding group with 2 64 ! mappings D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 6

  7. Components of a Modern Block Cipher • Most important components: – PBox: It is a key-less fixed transposition cipher – SBox: It is a key-less fixed substitution cipher • They are used to provide: – Diffusion: it hides the relationship between the ciphertext and the plaintext – Confusion: it hides the relationship between the ciphertext and the key Principle of Confusion and Diffusion • The design principles of Block Cipher depends on these properties • The S-Box is used to provide confusion , as it is dependent on the unknown key • The P-Box is fixed, and there is no confusion due to it • But it provides diffusion • Properly combining these is necessary. D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 7

  8. Diffusion (P) Boxes • Straight Boxes 01 15 02 13 06 17 03 19 09 04 21 11 Example 24x24 Box 14 05 12 16 18 07 24 10 23 08 22 20 • Expansion Boxes Example 01 03 02 01 06 17 03 07 09 04 09 11 12x24 Box 02 05 12 04 06 07 12 10 11 08 10 08 • Compression Boxes Example 01 15 02 13 06 17 03 19 09 04 21 11 24x12 Box SBox An SBox (substitution box) is an mxn substitution box, where m and n are not necessarily same. Each output bit is a Boolean function of the inputs. = ( , ,..., ) y f x x x 1 1 1 2 n = ( , ,..., ) y f x x x 2 2 1 2 n ... = ( , ,..., ) y f x x x 1 2 m m n D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 8

  9. Non-linear SBox = ⊕ ⊕ ⊕ ... y a x a x a x 1 11 1 12 2 1 n n = ⊕ ⊕ ⊕ ... y a x a x a x 2 21 1 22 2 2 n n ... = ⊕ ⊕ ⊕ ... y a x a x a x 1 1 2 2 m m m mn n In a non-linear S-Box, each of the elements cannot be expressed as above. Eg. = ⊕ = ⊕ , y x x x y x x x 1 1 3 2 2 1 2 3 Other Components • Circular Shift: – It shifts each bit in an n-bit word k positions to the left. The leftmost k bits become the rightmost bits. – Invertible Transformation • Swap: – A special type of shift operation where k=n/2 • Other operations involve split and combine. • An important component is exclusive-or operation D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 9

  10. Properties of Exor Ex-or is a binary operator, which results in 1 when both the inputs have a different logic. Otherwise , it computes 0 . ⊕ Symbol: Closure: Result of exoring two n bit number s is also n bit s. ⊕ Associati vity : Allows to use more than one ' 's in any order: ⊕ ⊕ = ⊕ ⊕ ( ) ( ) x y z x y z ⊕ = ⊕ Commutavity: x y y x Identity: The identity element is the n bit 0, represented by (00...0)=0 n ⊕ = Thus , 0 n x x In verse: Each word is the additive inverse of itself. ⊕ = Th us, 0 n x x Application of Ex-or Key + + Encryption Decryption • The key is known to both the encryptor and decryptor and helps to recover the plaintext. D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 10

  11. A product cipher made of 2 rounds 8 bit plaintext Key Scheduling Algorithm Key Mixer (whitener) K 1 Sbox Sbox Sbox Sbox K 1 2 3 4 8-bit middle text Key Mixer (whitener) K 2 Sbox Sbox Sbox Sbox 1 2 3 4 8 bit ciphertext Diffusion and Confusion 8 bit plaintext + K 1 bit 8 Sbox 4 2 4 + + K 2 bit 2, 4 Sbox Sbox 1 2 1 3 6 7 D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 11

  12. Practical Ciphers • Large data blocks • More S-Boxes • More rounds • These help to improve the diffusion and confusion in the cipher. Two classes of product ciphers • Feistel Ciphers, example DES (Data Encryption Standard) • Non-Feistel Ciphers (Substitution Permutation Networks), example AES (Advanced Encryption System) D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 12

  13. Feistel Cipher • Feistel cipher refers to a type of block cipher design, not a specific cipher • Split plaintext block into left and right halves: Plaintext = (L 0 ,R 0 ) • For each round i=1,2,...,n , compute L i = R i-1 R i = L i-1 ⊕ f(R i-1 ,K i ) where f is round function and K i is subkey • Ciphertext = (L n ,R n ) Feistel Permutation • Decryption: Ciphertext = (L n ,R n ) • For each round i=n,n-1,…,1 , compute R i-1 = L i L i-1 = R i ⊕ f(R i-1 ,K i ) where f is round function and K i is subkey • Plaintext = (L 0 ,R 0 ) • Formula “works” for any function F • But only secure for certain functions F D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 13

  14. Encryption Repeating/ Iterating this transformation we obtain the Feistel Cipher key L R 32 28 28 One expand shift shift 48 28 28 32 Round K i ⊕ 48 compress 48 of S-boxes DES 28 28 32 P box Function f 32 32 Note that the design of DES ⊕ is reduced to 32 the design of f, key which works L R on shorter lengths D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 14

  15. Non-Feistel Ciphers • Composed of only invertible components. • Input to round function consists of key and the output of previous round • These functions are obtained by the repeated application of Substitution (invertible SBoxes) and Permutation. • Thus they are called Substitution Permutation Networks (SPN). Further Reading • C. E. Shannon, Communication Theory of Secrecy Systems. Bell Systems Technical Journal, 28(1949), 656-715 • B. A Forouzan, Cryptography & Network Security, Tata Mc Graw Hills, Chapter 5 • Douglas Stinson, Cryptography Theory and Practice, 2 nd Edition , Chapman & Hall/CRC D. Mukhopadhyay Crypto & Network Security IIT Kharagpur 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Organisation Organisation Overview Block Ciphers Overview Block Ciphers Historic Ciphers Security of Block ciphers Historic Ciphers Security of Block ciphers Symmetric Ciphers Symmetric Ciphers Assume encryption and decryption use the

425 views • 5 slides
Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers

Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers

06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 2 October, 2012 Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers DES II.

588 views • 10 slides
B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

1 B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a) Fundamentals 3 B.1 Definition A mapping Enc: P K C for which k := Enc( ,k): P C is bijective for each k K is called an

1.1k views • 32 slides
Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers &

Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers &

CS 166: Information Security Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers & Block Ciphers Stream ciphers based on the one-time pad Block ciphers based on codebook ciphers Symmetric

650 views • 52 slides
Contents Introduction Classification of Symmetric Ciphers Types of Attacks

Contents Introduction Classification of Symmetric Ciphers Types of Attacks

Contents Introduction Classification of Symmetric Ciphers Types of Attacks Properties of Secure Ciphers Components of Block Ciphers Classes of Block Ciphers DES AES Secure Communication using

606 views • 27 slides
B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers

B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers

1 B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers Normally, stream ciphers are symmetric algorithms with encryption = decryption In this course we only consider symmetric stream ciphers.

828 views • 44 slides
Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and

Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and

Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and their applications are the primary focus

521 views • 5 slides
Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric

Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric

Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric Algorithms Encryption and Decryption use the same key i.e. K E = K D Examples: Block Ciphers : DES, AES, PRESENT, etc. Stream

534 views • 40 slides
The One Time Pad Dan Boneh Symmetric Ciphers: definition Def: a cipher defined over is a pair

The One Time Pad Dan Boneh Symmetric Ciphers: definition Def: a cipher defined over is a pair

Online Cryptography Course Dan Boneh Stream ciphers The One Time Pad Dan Boneh Symmetric Ciphers: definition Def: a cipher defined over is a pair of efficient algs ( E , D ) where E is often

880 views • 83 slides
Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm,

Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm,

Organisation Organisation Overview Overview Historic Ciphers Historic Ciphers Symmetric Ciphers Symmetric Ciphers Arrangements Cryptography Lecture Course in Autumn Term 2013 Will have two lectures (Tue 2pm, Fri 11am and one exercise

239 views • 12 slides
Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified

Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified

Lecture 5 Encryption Continued... 1 Other Old Symmetric Ciphers Skipjack Classified algorithm originally designed for the NSA-sponsored Clipper chip declassified in 1998 32 rounds, breakable with 31 rounds 80 bit key, inadequate

464 views • 12 slides
Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and Differential Cryptanalysis by Howard Heys.] Modern block ciphers (like DES and AES): - proceed in rounds - each round has its own round key or subkey

644 views • 21 slides
CSCI E-170 Lecture 03: Hash functions and Symmetric Ciphers Simson L. Garfinkel Center for

CSCI E-170 Lecture 03: Hash functions and Symmetric Ciphers Simson L. Garfinkel Center for

CSCI E-170 Lecture 03: Hash functions and Symmetric Ciphers Simson L. Garfinkel Center for Research on Computation and Society Harvard University October 3, 2005 1 Administrivia 1. LiveJournal everybody okay? 2. HW1 Checkpoint 3.

450 views • 42 slides
Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation Introduction to Computer Security Announcements Cryptography, symmetric and public-key Hash functions and MACs Stephen McCamant Building a secure

440 views • 11 slides
Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world crypto and privacy Sibenik, Croatia - June 11 2018 Outline Introduction One Time pad - Stream Ciphers Block Ciphers -

1.17k views • 82 slides
Chapter 6: Contemporary Symmetric Ciphers Dr. Loai Tawalbeh Computer Engineering Department

Chapter 6: Contemporary Symmetric Ciphers Dr. Loai Tawalbeh Computer Engineering Department

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Loai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Dr. Loai Tawalbeh Fall 2005 Why Triple-DES?

627 views • 14 slides
SWEET Trial Switch to Efavirenz + TDF-FTC SWEET: Design Study Design: SWEET Study Background

SWEET Trial Switch to Efavirenz + TDF-FTC SWEET: Design Study Design: SWEET Study Background

Switch from Efavirenz + ZDV-3TC to Efavirenz + TDF-FTC SWEET Trial Switch to Efavirenz + TDF-FTC SWEET: Design Study Design: SWEET Study Background : Randomized, controlled, open label phase 3 trial evaluating a simplification strategy for

556 views • 10 slides
No disclosures Warren Gasper MD UCSF Vascular Surgery 4/15/2016 2 AVF Cannulation

No disclosures Warren Gasper MD UCSF Vascular Surgery 4/15/2016 2 AVF Cannulation

Cannulation Related Complications Delay the Use of AVFs In a Significant Number of Patients Can anything be done about it? No disclosures Warren Gasper MD UCSF Vascular Surgery 4/15/2016 2 AVF Cannulation Complications | UCSF Vascular

89 views • 5 slides
Industry 4.0: Supercharging Productivity with Digital Technologies Dr. Robert D. Atkinson,

Industry 4.0: Supercharging Productivity with Digital Technologies Dr. Robert D. Atkinson,

October 16, 2014 Industry 4.0: Supercharging Productivity with Digital Technologies Dr. Robert D. Atkinson, President, ITIF @RobAtkinsonITIF The Information Technology and Innovation Foundation is a Washington, D.C.-based think tank at the

506 views • 29 slides
Topology, Geometry, and Physics John Morgan University of Haifa, Israel March 28 30, 2017

Topology, Geometry, and Physics John Morgan University of Haifa, Israel March 28 30, 2017

Topology, Geometry, and Physics John Morgan University of Haifa, Israel March 28 30, 2017 John Morgan (University of Haifa, Israel) Topology, Geometry, and Physics March 28 30, 2017 1 / 106 The Basics of Manifold Topology John

1.88k views • 148 slides
On Volume-Surface Reaction-Diffusion systems Klemens Fellner Institute of Mathematics and

On Volume-Surface Reaction-Diffusion systems Klemens Fellner Institute of Mathematics and

On Volume-Surface Reaction-Diffusion systems Klemens Fellner Institute of Mathematics and Scientific Computing, University of Graz joint works with L. Desvillettes, H. Egger, J.-F. Pietschmann, E. Latos, B.Q. Tang Marrakech 18.04.2018 p.

2.33k views • 39 slides
Problem: Given any five points in/on the unit 1 square, is there always a pair with distance

Problem: Given any five points in/on the unit 1 square, is there always a pair with distance

Problem: Given any five points in/on the unit 1 square, is there always a pair with distance ? 2 1 1 What approaches fail? What techniques work and why? Lessons and generalizations Problem: Given any five points in/on the

592 views • 34 slides
Hierarchical Radiosity w ith Multiresolution Meshes Andrew Willmott Thes is Propos al Thes is

Hierarchical Radiosity w ith Multiresolution Meshes Andrew Willmott Thes is Propos al Thes is

Hierarchical Radiosity w ith Multiresolution Meshes Andrew Willmott Thes is Propos al Thes is Committee: Paul Heckbert (CMU) David OHallaron (CMU) Andy Witkin (CMU) Francois Sillion (INRIA) Overview S tate of the art radiosity

525 views • 39 slides
Toward Automated Info-Flow Integrity Verification (or, Fixing your security policy) Umesh

Toward Automated Info-Flow Integrity Verification (or, Fixing your security policy) Umesh

Toward Automated Info-Flow Integrity Verification (or, Fixing your security policy) Umesh Shankar (UC Berkeley) Trent Jaeger (Penn State / IBM) Reiner Sailer (IBM) The goal, with an example Integrity property: Trusted processes dont

317 views • 20 slides

More recommend