Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems - - PowerPoint PPT Presentation


Modern Block Ciphers DES Games with Block Ciphers

Modern Symmetric Key Cryptosystems

Jim Royer

Introduction to Cryptography

September 11, 2018


Symmetric Key Cryptosystems

Public key cryptosystems (PKCs) and their applications are the primary focus of this course. But symmetric key cryptosystems are still an important tool. As we’ll see, PKCs are too slow for bulk data. But PKCs solve the key distribution problems for symmetric key systems.


Two sorts of modern symmetric key systems

Symmetric key use

plaintext
  ⇓ encryption alg. (key)
ciphertext
  ↓ transmission
ciphertext
  ⇓ decryption alg. (key)
plaintext

Stream Ciphers
  • Plaintext = stream of bits or chars
  • Key = a matching stream of keys
  • E.g.: One-time pad, LFSRS-pad

Block Ciphers
  • Plaintext, key = a block of bits
  • Long messages are broken into many blocks
  • E.g.: DES, 3DES, AES


Claude Shannon’s Principles for a Good Cipher

Diffusion: Changing one character in the plaintext changes many characters in the ciphertext.

Confusion: Each part of the ciphertext should depend on several parts of the key.


DES: The Data Encryption Standard, 1977

Plaintexts = Ciphertexts = $\{0,1\}^{64}$.

$\mathrm{DES}\colon \underbrace{\{0,1\}^{64}}_{\text{plaintext}} \times \underbrace{\{0,1\}^{56}}_{\text{key}} \to \underbrace{\{0,1\}^{64}}_{\text{ciphertext}}$

  • From a 56 bit key $K$, 16 other 48 bit keys are generated: $K_1, \dots, K_{16}$.
  • Key $K_i$ is used in round $i$ of the encryption.
  • $\mathrm{DES}_K = \mathrm{DES}_{K_1,\dots,K_{16}}$ = DES with fixed key $K$ (or subkeys $K_1, \dots, K_{16}$)
  • $F\colon \{0,1\}^{32} \times \{0,1\}^{48} \to \{0,1\}^{32}$, the Feistel function for DES
  • IP = initial permutation
  • FP = final permutation = $\mathrm{IP}^{-1}$


DES

  • Extender $E\colon \{0,1\}^{32} \to \{0,1\}^{48}$
  • Exclusive-Or $\oplus$
  • Permutation $P\colon \{0,1\}^{32} \to \{0,1\}^{32}$
  • Substitution (s-boxes) $S\colon \{0,1\}^{48} \to \{0,1\}^{32}$

$F(R, K) = P(S(E(R) \oplus K))$

$F_i(R) = F(R, K_i)$


The DES Round Function

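$\varphi_i, \mu\colon \{0,1\}^{32} \times \{0,1\}^{32} \to \{0,1\}^{32} \times \{0,1\}^{32}$

$\varphi_i(x, y) =_{\text{def}} (x \oplus F_i(y),\, y)$

$\mu(x, y) =_{\text{def}} (y, x)$

$\mathrm{DES}_{K_1,\dots,K_{16}}(x) =_{\text{def}} \mathrm{IP}^{-1} \circ \varphi_{16} \circ \mu \circ \varphi_{15} \circ \mu \circ \cdots \circ \mu \circ \varphi_1 \circ \mathrm{IP}(x)$

$\mathrm{DES}_{K_{16},\dots,K_1}(x) =_{\text{def}} \mathrm{IP}^{-1} \circ \varphi_1 \circ \mu \circ \varphi_2 \circ \mu \circ \cdots \circ \mu \circ \varphi_{16} \circ \mathrm{IP}(x)$

IP = the initial permutation

Claim.
  1. $\mathrm{IP}(\mathrm{IP}^{-1}(x)) = x$.
  2. $\mu(\mu(x, y)) = (x, y)$.
  3. $\varphi_i(\varphi_i(x, y)) = (x, y)$.
  4. $\mathrm{DES}_{K_{16},\dots,K_1}(\mathrm{DES}_{K_1,\dots,K_{16}}(x)) = x$.

Definition 1. A block cipher with a round function of the form $\varphi(x, y) = (x \oplus f_i(y),\, y)$ is called a Feistel cipher.

DES animation: http://kathrynneugent.com/des.html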
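
The claim above can be checked on a toy Feistel network. This is an added example, not code from the slides: the round function F (truncated SHA-256) and the key schedule are assumptions standing in for DES's E/S/P boxes and subkey generation, and IP/FP are left out because they are fixed permutations that cancel.

```python
import hashlib

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def F(r, k):
    # Stand-in for F(R, K) = P(S(E(R) xor K)) (assumption: truncated SHA-256).
    # It maps 32 bits to 32 bits under a 48-bit subkey and is NOT invertible;
    # the Feistel structure never needs to invert it.
    return hashlib.sha256(k + r).digest()[:4]

def phi(x, y, k):
    # phi_i(x, y) = (x xor F_i(y), y)
    return xor(x, F(y, k)), y

def mu(x, y):
    # mu(x, y) = (y, x)
    return y, x

def feistel(block, subkeys):
    # Applies phi_1, then mu, phi_2, ..., mu, phi_16 (no swap after the last round).
    x, y = block[:4], block[4:]
    for i, k in enumerate(subkeys):
        if i:
            x, y = mu(x, y)
        x, y = phi(x, y, k)
    return x + y

def make_subkeys(key, rounds=16):
    # Constructed key schedule (not DES's): K_i = 48 bits of SHA-256(key || i).
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, rounds + 1)]

def demo():
    ks = make_subkeys(b"constructed-key")
    pt = b"8bytes!!"                      # constructed 64-bit block
    ct = feistel(pt, ks)                  # DES_{K1..K16}-style encryption
    return pt, ct, feistel(ct, ks[::-1])  # same network, subkeys reversed

if __name__ == "__main__":
    pt, ct, back = demo()
    print(ct.hex(), back == pt)
```

Decryption is the same code path as encryption with the subkey list reversed, which is exactly item 4 of the claim.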


DES and AES

  • DES is a much studied and much fought over cipher. The fights are a good paper topic.
  • DES's block and key size are too small. Attacks on DES are another good paper topic.
  • 3DES – triple DES: reasonable alternative
  • Advanced Encryption Standard (AES) - Oct 2000
      - winner of a competition to replace DES
      - based on arithmetic over $\mathbb{F}_{2^8}$
      - key sizes 128, 192, and 256
      - compromise on speed and security

The AES competition is yet another good paper topic.


Games you can play with block ciphers, I

Setup
  • $f_k\colon \{0,1\}^\ell \to \{0,1\}^\ell$ :: a block cipher with fixed key $k$
  • $m = m_1 \dots m_r$ :: blocks of equal length $\ell$ ($m_r$ padded out if need be)

Electronic Code Book Mode

    ecbEncrypt(m)
      Chop m into blocks m_1, ..., m_r
      for i ← 1 to r do c_i ← f_k(m_i)
      return c_1, ..., c_r

No sensible people use this mode!!!


Problems with ECB Mode: An illustration

[Figure: three panels labelled "Original", "ECB-encrypted", and "securely encrypted"]

Identical plaintext blocks are encrypted into identical ciphertext blocks.


Games you can play with block ciphers, II

Cipher-Block Chaining Mode

    cbcEncrypt(m)
      Select c_0 ∈ {0,1}^ℓ at random
      Chop m into ℓ-bit blocks m_1, ..., m_r
      for i ← 1 to r do c_i ← f_k(m_i ⊕ c_{i−1})
      return c_0, c_1, ..., c_r

    cbcDecrypt(c)
      Chop c into ℓ-bit blocks c_0, ..., c_r
      for i ← 1 to r do m_i ← f_k^{−1}(c_i) ⊕ c_{i−1}
      return m_1, ..., m_r

Note: For simplicity, I’m ignoring IV’s (= initialization vectors) in the pseudo-code for block cipher modes.

  • $f_k$ is the block cipher encryption function with key $k$.
  • $f_k^{-1}$ is the block cipher decryption function with key $k$.
  • Stronger, but noise is a problem. (Why?)
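
The ECB problem and the effect of chaining can be measured by counting repeated ciphertext blocks, which is also a quick check to run on captured ciphertext. This is an added example, not code from the slides: f is a truncated HMAC standing in for f_k (deterministic per key but not invertible, so only the encryption direction of each mode is shown), and the 16-byte block length, key and plaintext are constructed.

```python
import hashlib, hmac, os
from collections import Counter

L = 16  # block length in bytes (assumption; the slides leave l abstract)

def f(k, block):
    # Stand-in for f_k (assumption): HMAC-SHA256 truncated to one block.
    return hmac.new(k, block, hashlib.sha256).digest()[:L]

def chop(m):
    m += b"\x00" * (-len(m) % L)           # m_r padded out if need be
    return [m[i:i + L] for i in range(0, len(m), L)]

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def ecb_encrypt(k, m):
    # c_i = f_k(m_i): each block is encrypted independently.
    return [f(k, mi) for mi in chop(m)]

def cbc_encrypt(k, m, c0=None):
    # c_i = f_k(m_i xor c_{i-1}), with c_0 chosen at random.
    c = [c0 or os.urandom(L)]
    for mi in chop(m):
        c.append(f(k, xor(mi, c[-1])))
    return c

def repeated_blocks(blocks):
    # Number of ciphertext blocks that duplicate an earlier block.
    return sum(n - 1 for n in Counter(blocks).values())

def demo():
    k = b"constructed demo key"
    # Constructed plaintext: the same 16-byte record four times, then a trailer.
    m = b"balance=00100.00" * 4 + b"trailer block 01"
    return (repeated_blocks(ecb_encrypt(k, m)),
            repeated_blocks(cbc_encrypt(k, m)))

if __name__ == "__main__":
    print("repeated blocks (ECB, CBC):", demo())
```

A non-zero repeat count on ciphertext of structured data is a strong hint that ECB, or a chained mode with a fixed c_0 and repeated messages, is in use.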


Games you can play with block ciphers, III

Cipher Feedback Mode

Suppose $x = x_1 \dots x_k \in \{0,1\}^k$.
  • $\mathrm{msb}_\ell(x) =_{\text{def}} x_1 \dots x_\ell$ (the $\ell$ most signif. bits)
  • $\mathrm{lsb}_\ell(x) =_{\text{def}} x_{k-\ell+1} \dots x_k$ (the $\ell$ least signif. bits)
  • $x_1 \dots x_k \,\|\, y_1 \dots y_m =_{\text{def}} x_1 \dots x_k y_1 \dots y_m$ (string concat.)

    cfbEncrypt(m, x_1)    // x_1 ∈ {0,1}^ℓ chosen at random, public
      Chop m into ℓ-bit blocks m_1, ..., m_r
      for i ← 1 to r do
        c_i ← m_i ⊕ msb_ℓ(f_k(x_i))    // f_k used as a PRG
        x_{i+1} ← lsb_{n−ℓ}(x_i) || c_i
      return c_1, ..., c_r

This behaves much better with errors in transmission. (Why?)


Games you can play with block ciphers, IV

  • $\mathrm{msb}_\ell(x) =_{\text{def}} x_1 \dots x_\ell$
  • $\mathrm{lsb}_\ell(x) =_{\text{def}} x_{k-\ell+1} \dots x_k$
  • $x_1 \dots x_k \,\|\, y_1 \dots y_m =_{\text{def}} x_1 \dots x_k y_1 \dots y_m$

Output Feedback Mode

    ofbEncrypt(m, x_1)    // x_1 ∈ {0,1}^ℓ chosen at random, public
      Chop m into 8-bit blocks m_1, ..., m_r
      for i ← 1 to r do
        o_i ← msb_8(f_k(x_i))    // f_k used as a PRG
        x_{i+1} ← lsb_{ℓ−8}(x_i) || o_i
        c_i ← m_i ⊕ o_i
      return c_1, ..., c_r

ofbDecrypt((c_1 c_2 ... c_r), x_1) = ofbEncrypt((c_1 c_2 ... c_r), x_1) (Why?)

This behaves bunches better with transmission errors. (Why?)


Games you can play with block ciphers, V

  • $\mathrm{msb}_\ell(x) =_{\text{def}} x_1 \dots x_\ell$
  • $\mathrm{lsb}_\ell(x) =_{\text{def}} x_{k-\ell+1} \dots x_k$
  • $x_1 \dots x_k \,\|\, y_1 \dots y_m =_{\text{def}} x_1 \dots x_k y_1 \dots y_m$

Counter Mode

    ctrEncrypt(m, x_1)    // x_1 ∈ {0,1}^ℓ chosen at random, public
      Chop m into 8-bit blocks m_1, ..., m_r
      for i ← 1 to r do
        o_i ← msb_8(f_k(x_i))
        c_i ← m_i ⊕ o_i
        x_{i+1} ← (x_i + 1) mod 2^ℓ
      return c_1, ..., c_r

This behaves much better with errors in transmission. (Why?)
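
The transmission-error behaviour of the three feedback modes can be observed by flipping one ciphertext bit and listing the plaintext bytes that decrypt wrongly. This is an added example, not code from the slides: f is a truncated HMAC standing in for f_k, the register is assumed to be 64 bits, CFB is run with 8-bit blocks like the OFB and CTR pseudo-code, and the key, x_1 and message are constructed.

```python
import hashlib, hmac

N = 8  # register size in bytes (assumption: 64 bits, as for DES)

def f(k, x):
    # Stand-in for f_k (assumption): truncated HMAC-SHA256. These modes call
    # f_k only in the forward direction, so no inverse is needed.
    return hmac.new(k, x, hashlib.sha256).digest()[:N]

def cfb(k, data, x, decrypt=False):
    out = bytearray()
    for b in data:
        out.append(b ^ f(k, x)[0])          # msb_8(f_k(x_i))
        c = b if decrypt else out[-1]       # feedback is always the ciphertext
        x = x[1:] + bytes([c])              # lsb_{n-8}(x_i) || c_i
    return bytes(out)

def ofb(k, data, x):
    out = bytearray()
    for b in data:
        o = f(k, x)[0]                      # o_i = msb_8(f_k(x_i))
        x = x[1:] + bytes([o])              # lsb_{l-8}(x_i) || o_i
        out.append(b ^ o)                   # c_i = m_i xor o_i
    return bytes(out)

def ctr(k, data, x):
    out, n = bytearray(), int.from_bytes(x, "big")
    for b in data:
        out.append(b ^ f(k, n.to_bytes(N, "big"))[0])
        n = (n + 1) % (1 << 8 * N)          # x_{i+1} = (x_i + 1) mod 2^l
    return bytes(out)

def damaged_bytes(mode, flip_at=5):
    # Encrypt, flip one ciphertext bit "in transit", decrypt, and return the
    # positions of the plaintext bytes that no longer match.
    k, x1 = b"constructed key", bytes(N)    # constructed key and public x_1
    m = bytes(range(32))                    # constructed 32-byte message
    enc = {"cfb": cfb, "ofb": ofb, "ctr": ctr}[mode]
    c = bytearray(enc(k, m, x1))
    c[flip_at] ^= 0x01
    if mode == "cfb":
        dec = cfb(k, bytes(c), x1, decrypt=True)
    else:
        dec = enc(k, bytes(c), x1)          # decryption = encryption
    return [i for i in range(len(m)) if dec[i] != m[i]]

if __name__ == "__main__":
    for mode in ("cfb", "ofb", "ctr"):
        print(mode, damaged_bytes(mode))
```

In OFB and CTR the keystream never depends on the ciphertext, so only the flipped byte is wrong; in CFB the bad byte stays in the shift register for N further steps and then drops out.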
