symmetric key cryptography introduction to symmetric key
play

Symmetric Key Cryptography Introduction to Symmetric Key - PowerPoint PPT Presentation

Jun 03, 2023 •38 likes •758 views

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

  1. PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Kölbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography

  2. Introduction to Symmetric Key Cryptography

  3. Myth Where does security fail? • User • Implementation • Protocols • Cryptographic Algorithms ”Cryptographic Algorithms are never the weakest link.” 1 Symmetric Key Cryptography

  4. Myth Where does security fail? • User • Implementation • Protocols • Cryptographic Algorithms ”Cryptographic Algorithms are never the weakest link.” 1 Symmetric Key Cryptography RC4 Don’t blame the user!

  5. Myth Where does security fail? • User • Implementation • Protocols • Cryptographic Algorithms Heartbleed ”Cryptographic Algorithms are never the weakest link.” 1 Symmetric Key Cryptography

  6. Myth Where does security fail? • User • Implementation • Protocols • Cryptographic Algorithms Drown Attack ”Cryptographic Algorithms are never the weakest link.” 1 Symmetric Key Cryptography

  7. Where does security fail? • User • Implementation • Protocols • Cryptographic Algorithms ”Cryptographic Algorithms are never the weakest link.” 1 Symmetric Key Cryptography Myth

  8. Hash Function MD5 • Not collision resistant [WY05] • Constructing a rogue CA [Ste+09] • Not collision resistant [WYY05] • First practical collisions this year • Plaintext Recovery in TLS [AlF+13] • ... 2 Symmetric Key Cryptography Hash Function SHA-1 Stream Cipher RC4

  9. A long list... • MIFARE Classic (Crypto 1) • A5/1, A5/2 • DECT • Kindle Cipher • ... 3 Symmetric Key Cryptography • Keeloq

  10. What can we do? • Encryption • Authentication (MAC) • Hashing • Random Number Generation • Digital Signature Schemes 4 Symmetric Key Cryptography • Key Exchange

  11. Digital Signatures • Hash-based Signature Schemes (MSS, XMSS [BDH11], SPHINCS [Ber+15]) • Zero-Knowledge Proof Based (Fish [Cha+17], Picnic [Cha+17]) 5 Symmetric Key Cryptography

  12. Key Exchange with Merkle Puzzles (1978) • Reveals an id and key k id . Alice Bob id i • Bob needs to compute n steps. 6 Symmetric Key Cryptography • Alice prepares m Puzzles: P 1 , . . . , P m . • Solving a puzzle requires n steps. P 1 , . . . , P m Solve P i → id i , k i • Adversary needs to compute mn .

  13. We need a shared secret between the parties. Meet on Friday qgWqNDAdcYgmyOy Meet on Friday qgWqNDAdcYgmyOy K K 7 Symmetric Key Cryptography Note E E

  14. The adversary • Eavesdrop on communication • Modify transmission • Delete/Insert messages • ... ...but is bound in • Computational power • Available memory • Time • Data 8 Symmetric Key Cryptography

  15. Goals of the attacker • Decrypt a ciphertext • Forge a signature • Recover the secret key • Distinguish output • ... Message Random qgWqNDA ? ? 9 Symmetric Key Cryptography E

  16. How do we achieve security for an algorithm? • Reduce security to a hard problem. • Make it secure against all known attacks. 10 Symmetric Key Cryptography Note We can not proof security for a primitive.

  17. Encryption

  18. Plaintext Ciphertext BC Key • Encrypts blocks of fixed size n with a key of size k . • Requires a mode to encrypt arbitrary messages. Block cipher is not an encryption scheme 11 Block Ciphers

  19. Ideal Block Cipher K 001111110000... K 111111001000... Plaintexts Ciphertexts 12 Symmetric Key K = 101010111010...

  20. Ideal Block Cipher K 101010111010... K 111111001000... Plaintexts Ciphertexts 12 Symmetric Key K = 001111110000...

  21. Ideal Block Cipher K 101010111010... K 001111110000... Plaintexts Ciphertexts 12 Symmetric Key K = 111111001000...

  22. random. 13 Block Ciphers A block cipher can be seen as a family of 2 k n-bit bijections. Problem There are 2 n ! bijections, we ideally want to choose 2 k uniformly at Goal We need something efficient to mimic this behaviour.

  23. 14 f 2 K r K 3 K 2 K 1 f r f 3 f 1 Iterated construction C P BC Ciphertext Plaintext Key Block Ciphers

  24. 15 f 2 R 4 L 4 R 0 L 0 f 4 f 3 f 1 The Data Encryption Standard • Standardized in 1977. • Encrypts 64-bit blocks rounds. • Feistel Network with 16 • Developed in 1970s at IBM. Symmetric Key Cryptography with 56-bit keys.

  25. 16 • HPC • Twofish • Serpent • SAFER+ • Rijndael • RC6 • MARS • MAGENTA • LOKI97 • FROG The Advanced Encryption Standard (AES) • E2 • DFC • DEAL • CRYPTON • CAST-256 256 bits. • Must support block size of 128 bits and key size of 128, 192 and • Public Competition hosted by NIST (1997-2001) Symmetric Key Cryptography

  26. 16 • HPC • Twofish • Serpent • SAFER+ • Rijndael • RC6 • MARS • MAGENTA • LOKI97 • FROG The Advanced Encryption Standard (AES) • E2 • DFC • DEAL • CRYPTON • CAST-256 256 bits. • Must support block size of 128 bits and key size of 128, 192 and • Public Competition hosted by NIST (1997-2001) Symmetric Key Cryptography

  27. AES/Rijndael • Blocksize: 128-bit • Keysize: 128/192/256 bits • Iterated block cipher with 10/12/14 rounds • Is part of a wide-range of standards. • Direct support by instructions in modern CPUs. 17 Block Ciphers

  28. 18 b b b b b b b b b b b b b b 1,2 b 0,0 b 2,3 S SubBytes 3,3 3,2 3,1 3,0 2,2 0,1 2,0 1,3 1,1 1,0 0,3 0,2 2,1 3,3 a a 1,2 a a a a a 1,1 a a a 2,1 a 3,2 a • MixColumns a a 0,0 • ShiftRows 0,2 0,3 1,0 1,3 2,0 2,2 2,3 3,0 • SubBytes • AddKey Block Ciphers Update 4 × 4 state of bytes a 0,1 a 3,1

  29. 18 1,1 1,0 1,3 1,2 1,1 1,3 1,2 1,0 0,1 0,3 0,2 0,1 0,0 Shift 3 Shift 2 Shift 1 0,0 0,2 No 3,0 3,3 3,2 3,1 3,0 3,3 3,2 3,1 2,3 0,3 2,2 2,1 2,0 2,3 2,2 2,1 2,0 change a a a a a a a a a a a a a a ShiftRows • AddKey • MixColumns a a • SubBytes a a a a a a a a a a a a a a a a • ShiftRows Block Ciphers Update 4 × 4 state of bytes

  30. 18 2,1 3,3 3,2 3,3 b 1,2 b b b b b b b b 2,3 b b b b 0,0 b0,1 0,2 0,3 1,0 3,2 1,3 2,0 2,2 3,0 2,2 3,0 a • SubBytes • ShiftRows • MixColumns • AddKey 1,2 a a a a a 1,1 a a 2,0 2,1 a a a a a a 0,0 MixColumns 0,2 0,3 1,0 1,3 2,3 Block Ciphers Update 4 × 4 state of bytes a 0,1 b 1,1 a 3,1 b 3,1

  31. 18 3,0 b b b b 1,2 2,1 b 3,3 3,2 3,1 2,3 b 2,2 2,0 1,3 1,2 1,1 1,0 0,3 0,2 0,1 0,0 b b k 1,0 AddRoundKey 3,3 3,2 3,1 3,0 2,3 2,2 2,0 1,3 1,1 0,3 b 0,2 0,1 0,0 b b b b b b b k k 0,1 a a a a a a a a a a a k a a a a a 1,1 1,2 2,1 • AddKey 0,0 0,2 • ShiftRows k k k • SubBytes k k k k k k k 0,3 k 3,3 3,2 3,1 3,0 2,3 2,2 2,0 1,3 1,0 • MixColumns Block Ciphers Update 4 × 4 state of bytes k 2,1

  32. Current state of key recovery attacks for AES-128 0 6 7 8 10 There are many more attacks with different trade-offs of time/data/memory. 19 Block Ciphers 2 126 . 18 [BKR11] 2 44 [Fer+00] 2 99 [DFJ13] 2 125 . 34 [BKR11]

  33. Stream Ciphers

  34. Plaintext Ciphertext Keystream • Encrypts individual digits . • IV to have multiple key stream for each K • Requires no padding. • Often used for low-bandwidth communication. 20 Stream Ciphers Key IV E

  35. Widely found in practice • GSM standard (A5/1, A5/2) • LTE (SNOW 3G, ZUC) • Bluetooth (E0) • TLS protocol (RC4, ChaCha20) 21 Stream Ciphers

  36. eSTREAM Project (EU) ...promote the design of efficient and compact stream ciphers suitable for widespread adoption... Software Hardware HC-128 Grain v1 Rabbit MICKEY 2.0 Salsa20/12 Trivium SOSEMANUK 22 Stream Ciphers Goal

  37. 23 1 4 5 6 7 8 0 2 LFSR-based Constructions, e.g. A5/1 3 4 5 6 7 8 3 2 1 2 • Load IV and Key in registers. • Shift registers depending on values in . • Produces 1-bit output in each iteration. 0 1 3 0 4 5 6 7 8 Stream Ciphers 9 10 11 12 13 14 15 16 17 18 9 10 11 12 13 14 15 16 17 18 19 20 21 9 10 11 12 13 14 15 16 17 18 19 20 21 22

  38. Counter Mode (CTR) AES K AES K AES K … Keystream: Reusing nonce and counter gives same keystream. 24 Stream Ciphers N || 0 . . . 01 N || 0 . . . 02 N || 0 . . . 03 C 0 , . . . , C 127 C 128 , . . . , C 255 C 256 , . . . , C 383 Note

  39. Salsa20 / ChaCha20 • ARX-based design • 512-bit state • Uses 256-bit key • 20 rounds • Fast in software • ChaCha20-Poly1305 in TLS 25 Stream Ciphers

  40. Current state of key recovery attacks for Salsa20 0 5 6 7 8 20 For ChaCha typically one round less. 26 Stream Ciphers 2 8 [CM16] 2 244 . 9 [CM16] 2 32 [CM16] 2 137 [CM16]

  41. Cryptographic Hash Functions

  42. ”There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live – did live, from habit that became instinct – in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.” WqNDAdcYgmyO 27 Hash Functions H

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to Symmetric Cryptography What is cryptography? Cryptography is communication in the presence of an adversary Ron Rivest. Coding theory Detection and

877 views • 28 slides
Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security

Symmetric Key Cryptography Lecture 8 Summary RECALL Symmetric-Key Encryption SIM-CCA Security Authentication not required. i.e., Adversary allowed to send own messages (possibly error) Key/ Key/ Recv Enc Dec Send Replay SIM-CCA

192 views • 16 slides
Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko

Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko

Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko Chair, Symmetric-Key Cryptography Subcommittee (Science University of Tokyo) 1 Symmetric-Key Cryptography Subcommittee(2002) K.Araki (TIT)

998 views • 20 slides
Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein University of Illinois at Chicago, Technische Universiteit Eindhoven CHES 2012 paper Practical leakage-resilient symmetric cryptography (Faust,

669 views • 30 slides
CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric

CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric

CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric Cryptosystems Course Technicalities Renate Scheidler 1 Department of Mathematics & Statistics Overview of Cryptography 2 Department of Computer

222 views • 9 slides
Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System

Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System

Background Bas c Cryptography Background: Basic Cryptography Symmetric Key System Symmetric Key System a shared symmetric key Examples: DES IDEA RC4 AES Examples: DES, IDEA, RC4, AES Asymmetric Key System y y y a pair

661 views • 38 slides
Introduction to symmetric cryptography Joan Daemen Institute for Computing and Information

Introduction to symmetric cryptography Joan Daemen Institute for Computing and Information

Introduction to symmetric cryptography Joan Daemen Institute for Computing and Information Sciences Radboud University ibenik summer school 2016 Page 1 of 51 Joan Daemen ibenik summer school 2016 Symmetric Crypto Outline Security

1.38k views • 58 slides
Session 2 Introduction to Cryptography and Symmetric Encryption Sbastien Combfis Fall 2019

Session 2 Introduction to Cryptography and Symmetric Encryption Sbastien Combfis Fall 2019

I5020 Computer Security Session 2 Introduction to Cryptography and Symmetric Encryption Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License.

1.25k views • 49 slides
Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on

Introduction to Symmetric Cryptography Mar a Naya-Plasencia Inria, France Summer School on real-world crypto and privacy Sibenik, Croatia - June 11 2018 Outline Introduction One Time pad - Stream Ciphers Block Ciphers -

1.17k views • 82 slides
Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2009 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Chapter 9 from Computer Science: Art and

794 views • 62 slides
Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design

Symmetric Cryptography CS461/ECE422 Fall 2010 1 Outline Overview of Cryptosystem design Commercial Symmetric systems DES AES Modes of block and stream ciphers 2 Reading Chapter 9 from Computer Science: Art and

882 views • 62 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security January 26, 2005 Lecture 5 Lecture 5 Page 1 Page 2 CS 239, Winter 2005 CS 239,

321 views • 13 slides
Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric

Outline Cryptography and Encryption Uses of cryptography Algorithms Symmetric cryptography CS 239 Asymmetric cryptography Computer Security February 5, 2003 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2003 CS 239,

263 views • 11 slides
Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key Cryptography Security Requirements Advantages Modes of Use Diffie-Hellman Key Exchange RSA Cryptosystem ElGamal

584 views • 32 slides
Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens Hermans KU Leuven/COSIC Cryptology: basic principles Eve Alice Bob CRYP CRYP Clear Clear %^C& %^C& TOB TOB @&^( @&^(

1.32k views • 119 slides
Number Theory and Cryptography Chapter 4 Chapter Motivation Number theory is the part of

Number Theory and Cryptography Chapter 4 Chapter Motivation Number theory is the part of

Number Theory and Cryptography Chapter 4 Chapter Motivation Number theory is the part of mathematics devoted to the study of the integers and their properties. Key ideas in number theory include divisibility and the primality of integers.

1.77k views • 103 slides
Introduction to Lattices Oded Regev (Tel Aviv University and CNRS, ENS-Paris) Bar-Ilan

Introduction to Lattices Oded Regev (Tel Aviv University and CNRS, ENS-Paris) Bar-Ilan

Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19/2/2012 Introduction to Lattices Oded Regev (Tel Aviv University and CNRS, ENS-Paris) Bar-Ilan University Dept. of Computer Science Lattices A

846 views • 41 slides
P ttt Prtts

P ttt Prtts

P ttt Prtts rt r tt rtr r

554 views • 31 slides
On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1

On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1

On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1 AIST, Japan Kolkata, India (16 November 2018) 1 / 38 Table of contents 1 Introduction 2 Lightweight Crypto Stack for Circuit/RAM Size Requirement

670 views • 38 slides
Dealing with cache based attacks in cryptography Speculating on cache attacks Simo Sorce Sr.

Dealing with cache based attacks in cryptography Speculating on cache attacks Simo Sorce Sr.

Dealing with cache based attacks in cryptography Speculating on cache attacks Simo Sorce Sr. Principal Software Engineer 2019/02/19 What are cache based attacks ? In cryptography In cryptographic operations, leaking the internal state of a

338 views • 8 slides
Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and

Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and

CSS441 Block Ciphers Principles DES Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

788 views • 50 slides
Mathematical Cryptography Diffie Hellman, Discrete Log Problem, Collision Algorithms Mentor: Tao

Mathematical Cryptography Diffie Hellman, Discrete Log Problem, Collision Algorithms Mentor: Tao

Mathematical Cryptography Diffie Hellman, Discrete Log Problem, Collision Algorithms Mentor: Tao Song , Mentee: Lisette del Pino University of Pennsylvania Directed Reading Program May 16, 2020 Mentor: Tao Song , Mentee: Lisette del Pino

1.35k views • 98 slides
Section 1 Commitment Schemes Commitment Schemes Commitment Schemes Digital analogue of a safe.

Section 1 Commitment Schemes Commitment Schemes Commitment Schemes Digital analogue of a safe.

Commitment Schemes Section 1 Commitment Schemes Commitment Schemes Commitment Schemes Digital analogue of a safe. Commitment Schemes Commitment Schemes Digital analogue of a safe. Definition 1 (Commitment scheme) An efficient two-stage

605 views • 23 slides

More recommend