Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems - PowerPoint PPT Presentation

Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers Symmetric Key Cryptosystems Modern Symmetric Key Cryptosystems Public key cryptosystems (PKCs) and their applications are the primary focus of this course. But symmetric key cryptosystems are still an important tool. Jim Royer As we’ll see, PKCs are too slow for bulk data. Introduction to Cryptography But PKCs solve the key distribution problems for symmetric key systems. September 11, 2018 Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers Two sorts of modern symmetric key systems Claude Shannon’s Principles for a Good Cipher Stream Ciphers Symmetric key use Plaintext = stream of bits or chars plaintext Key = a matching stream of keys Diffusion Changing one character in the plaintext changes many encryption alg. ⇓ key E.g.: One-time pad, LFSRS-pad characters in the ciphertext. ciphertext Confusion Each part of the ciphertext should depend on several Block Ciphers transmission ↓ parts of the key ciphertext Plaintext, key = a block of bits decryption alg. ⇓ key Long messages are broken into many blocks plaintext E.g.: DES, 3DES, AES

Modern Block Ciphers DES Games with Block Ciphers DES: The Data Encryption Standard, 1977 Plaintexts = Ciphertexts = { 0, 1 } 64 . DES: { 0, 1 } 64 × { 0, 1 } 56 → { 0, 1 } 64 � �� � � �� � � �� � plaintext key ciphertext From a 56 bit key K , 16 other 48 bit keys are generated: K 1 , . . . , K 16 Key K i is used in round i of the encryption. DES K = DES K 1 ,..., K 16 = DES with fixed key K (or subkeys K 1 , . . . , K 16 ) F : { 0, 1 } 32 × { 0, 1 } 48 → { 0, 1 } 32 the Feistel function for DES IP = initial permutation FP = final permutation = IP − 1 Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers DES The DES Round Function ϕ i , µ : { 0, 1 } 32 × { 0, 1 } 32 → { 0, 1 } 32 × { 0, 1 } 32 ϕ i ( x , y )= def ( x ⊕ F i ( y ) , y ) µ ( x , y )= def ( y , x ) Extender E : { 0, 1 } 32 → { 0, 1 } 48 DES K 1 ,..., K 16 ( x )= def IP − 1 ◦ ϕ 16 ◦ µ ◦ ϕ 15 ◦ µ ◦ · · · ◦ µ ◦ ϕ 1 ◦ IP ( x ) Exclusive-Or DES K 16 ,..., K 1 ( x )= def IP − 1 ◦ ϕ 1 ◦ µ ◦ ϕ 2 ◦ µ ◦ · · · ◦ µ ◦ ϕ 16 ◦ IP ( x ) ⊕ IP = the initial permutation Permuation P : { 0, 1 } 32 → { 0, 1 } 32 Claim. Definition 1. Substitution (s-boxes) A block cipher with a round 1 IP ( IP − 1 ( x ) = x S : { 0, 1 } 48 → { 0, 1 } 32 function of the form 2 µ ( µ ( x , y )) = ( x , y ) . ϕ ( x , y ) = ( x ⊕ f i ( y ) , y ) 3 ϕ i ( ϕ i ( x , y )) = ( x , y ) . F ( R , K ) = P ( S ( E ( R ) ⊕ K )) 4 DES k 16 ,..., k 1 ( DES k 1 ,..., k 16 ( x )) = x . is called a Feistel cipher . F i ( R ) = F ( R , K i ) DES animation: http://kathrynneugent.com/des.html

Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers DES and AES Games you can play with block ciphers, I Setup f k : { 0, 1 } ℓ → { 0, 1 } ℓ :: a block cipher with fixed key k DES is a much studied and much fought over cipher m = m 1 . . . m r :: blocks of equal length ℓ The fights are a good paper topic. ( m r padded out if need be) DES’s block and key size are too small Attacks on DES are another good paper topic. 3DES – triple DES reasonable alternative Electronic Code Book Mode Advanced Encryption Standard (AES) - Oct 2000 ecbEncrypt( m ) winner of a competition to replace DES Chop m into blocks m 1 , . . . , m r based on arithmetic over F 2 8 for i ← 1 to r do c i ← f k ( m i ) key sizes 128, 192, and 256 return c 1 , . . . , c r compromise on speed and security The AES competition is yet another good paper topic. No sensible people use this mode!!! Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers Problems with ECB Mode: An illustration Games you can play with block ciphers, II Cipher-Block Chaining Mode Note: For simplicity, I’m ebcEncrypt( m ) ignoring IV’s (= initialization ran ∈ { 0, 1 } ℓ Select c 0 vectors) in the pseudo-code for Chop m into ℓ -bit blocks m 1 , . . . , m r block cipher modes. for i ← 1 to r do c i ← f k ( m i ⊕ c i − 1 ) f k is the block cipher return c 0 , c 1 , . . . , c r encryption function with key k . ebcDecrypt( c ) f − 1 is the block orginal ECB-encrypted securely encrypted Chop c into ℓ -bit blocks c 0 , . . . , c r k cipher decryption for i ← 1 to r do function with key k . m i ← f − 1 ( c i ) ⊕ c i − 1 k Identical plaintext blocks are return m 1 , . . . , m r encrypted into identical ciphertext blocks. Stronger, but noise is a problem. (Why?)

Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers Games you can play with block ciphers, II Games you can play with block ciphers, III Cipher Feedback Mode Suppose x = x 1 . . . x k ∈ { 0, 1 } k msb ℓ ( x ) = def x 1 . . . x ℓ the ℓ most signif. bits lsb ℓ ( x ) = def x k − ℓ + 1 . . . x k the ℓ least signif. bits x 1 . . . x ℓ || y 1 . . . y m = def x 1 . . . x k y 1 . . . y m string concat. ran ∈ { 0, 1 } ℓ – public cfbEncrypt( m , x 1 ) // x 1 Chop m into ℓ -bit blocks m 1 , . . . , m r for i ← 1 to r do c i ← m i ⊕ msb ℓ ( f k ( x i )) // f k used as a PRG x i + 1 ← lsb n − ℓ ( x i ) || c i return c 1 , . . . , c r This behaves much better with errors in transmission. (Why?) Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers Games you can play with block ciphers, III Games you can play with block ciphers, IV msb ℓ ( x ) = def x 1 . . . x ℓ lsb ℓ ( x ) = def x k − ℓ + 1 . . . x k x 1 . . . x ℓ || y 1 . . . y m = def x 1 . . . x k y 1 . . . y m Output Feedback Mode ran ∈ { 0, 1 } ℓ – public ofbEncrypt( m , x 1 ) // x 1 Chop m into 8-bit blocks m 1 , . . . , m r for i ← 1 to r do o i ← msb 8 ( f k ( x i )) // f k used as a PRG x i + 1 ← lsb ℓ − 8 ( x j ) || o i c i ← m i ⊕ o i return c 1 , . . . , c r (Why?) ofbDecrypt( ( c 1 � c 1 � . . . � c r ) , x 1 ) = ofbEncrypt( ( c 1 � c 1 � . . . � c r ) , x 1 ) This behaves bunches better with transmission errors. (Why?)

Modern Block Ciphers DES Games with Block Ciphers Modern Block Ciphers DES Games with Block Ciphers Games you can play with block ciphers, IV Games you can play with block ciphers, V msb ℓ ( x ) = def x 1 . . . x ℓ lsb ℓ ( x ) = def x k − ℓ + 1 . . . x k x 1 . . . x ℓ || y 1 . . . y m = def x 1 . . . x k y 1 . . . y m Counter Mode ran ∈ { 0, 1 } ℓ – public crtEncrypt( m , x 1 ) // x 1 Chop m into 8 -bit blocks m 1 , . . . , m r for i ← 1 to r do o i ← msb 8 ( f k ( x i )) c i ← m i ⊕ o i x i + 1 ← ( x i + 1 ) mod 2 ℓ return c 1 , . . . , c r This behaves much better with errors in transmission. (Why?) Modern Block Ciphers DES Games with Block Ciphers Games you can play with block ciphers, V