1 / 53

Computer Systems Security Cryptography Topic 3 Sources: Pfleeger Chapter 10

Computer Systems Security Cryptography Topic 3 Sources: Pfleeger Chapter 10. Agenda. Details of AES Public Key Encryption Systems Merkle-Helman Knapsacks Encryption RSA Encryption Other Aspects of Cryptography and conclusion. Where we left off last week ….

skylar
Download Presentation

Computer Systems Security Cryptography Topic 3 Sources: Pfleeger Chapter 10

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Systems SecurityCryptography Topic 3Sources: Pfleeger Chapter 10 CSS_PS6.ppt

  2. Agenda • Details of AES • Public Key Encryption Systems • Merkle-Helman Knapsacks Encryption • RSA Encryption • Other Aspects of Cryptography and conclusion CSS_PS6.ppt

  3. Where we left off last week … • Introduced AES. The characteristics are: • Symmetric key • Operates on data blocks of 128 bits • Key sizes of 128, 192, and 256 bits • Rijndael Algorithm • Structure of AES • 128-bit block of AES presented as a 4 by 4 matrix, called the state. • Present the state as the matrix s[0,0]..s[3,3]. • Fill the state matrix from input in columns. • Rijindael performs some of the operations in columns, and some in rows. CSS_PS6.ppt

  4. AES – Rijndael Basic Steps The four steps are as follows: • Byte Substitution: Non-linear function for confusion • S-box used on every byte. S[i,j] becomes s’[i,j]. This is carried out through a substitution table • Shift Rows: Linear mixing function for diffusion • Rows ofS are permutated by left circular shift • The firsti elements of rowi are shifted around to the end • Mix columns: Transformation on columns of S under which the 4 elements of each column are multiplied by a polynomial • Defusing each element of the column over all these four elements • Shifting left and XOR bits • Effect: matrix multiplication • Add Round Key: incorporates key and creates confusion • Derive unique key and add to each column • All operations can be combined into XOR and table look-ups • This is a very efficient and fast method CSS_PS6.ppt

  5. AES: Byte Substitution Step • Uses a conventional substitution box • See next slide. • This table is set up so that each byte b is replaced by the byte which is the result of two mathematical functions: • Let b-1 be is the multiplicative inverse of b in GF(28); • 0, having no multiplicative inverse, is represented by 0. (using inverses ensures that each value appears exactly only once in the table) • Exclusive OR b-1 with 99 [= hexadecimal 63 = 0110 0011] (Adding 63 helps break up patterns) • Leaving the mathematics alone we suffice to using the substitution table in next slide CSS_PS6.ppt

  6. RSA: Byte Substitution Table (Source: Pfleeger) CSS_PS6.ppt

  7. RSA: Byte Substitution Table Byte 20 is replaced by B7, In row 2, column 0. CSS_PS6.ppt

  8. RSA: Shift Row Step • AES specifies 128-bit blocks i.e. 16 bytes. But Rijndael also defines 192-bit (24 bytes), and 256-bit (32 bytes) blocks. • Now Assume a block is composed of 16 (or 24 or 32) bytes numbered (from left, or most significant, to right) 1 to 16 (or 24 or 32). • In the shift row, the numbered bytes are shifted to the positions as shown in Table shown in the next slide. CSS_PS6.ppt

  9. RSA: Shift Row 128-,192-, and 256-bit block sizes • For 128- and 192-bit blocks, row i is rotated left (i–1) bytes Example of 128-bit block CSS_PS6.ppt

  10. RSA: Shift Row 192-bit block sizes CSS_PS6.ppt

  11. RSA: Shit Row - 256-bit block sizes • for 256-byte blocks, rows 3 and 4 are shifted an extra byte. CSS_PS6.ppt

  12. RSA – Mix Column Stage • Each column (as shown in shift rows) is “multiplied” by the matrix: • So that CSS_PS6.ppt

  13. RSA – Mix Column Stage • Note that this “multiplication” " is carried out on bytes by logical operations. • so multiplying the column by 1 means leaving it unchanged, multiplying by 2 (binary 10) means shifting each byte left one bit, and multiplying by 3 (binary 11) means shifting left one bit and adding (exclusive ORing) the original unshifted value. • See example in next slide. CSS_PS6.ppt

  14. RSA – Mix Column Stage • For example, • S’1,1= S0,1 XOR (2 . S1,1) XOR (3 . S2,1) XOR S3,1 • Note that multiplication is (“.”) and addition is (XOR) and should be performed according to rules of Galios Field which are not covered in Pfleeger. • Results longer than 8 bits are reduced by computing mod P for the generating polynomial P of the Rijndael algorithm; • For example 100011011 is subtracted (XORed) from the result until the result has at most eight significant bits. CSS_PS6.ppt

  15. RSA – Add Subkey • This step adds (exclusive OR) a subkey (variation of the key) with the result so far. • The subkey is generated as follows: • The first key is the key itself. • The second key is changed 4-byte word by word. • The first word is rotated one byte left, then transformed by the substitution of the byte substitution step, then added (exclusive ORed) with a constant. • The rest of the words in that subkey are produced by the exclusive OR of the first word with the corresponding word from the previous key. CSS_PS6.ppt

  16. RSA – Add Subkey • For example, if key variation k1 is w1w2w3w4 (four 32-bit words, or 128 bits), then • k2 is w1'(w2 XOR w1')(w3 XOR w1')(w4 XOR w1') where w1' is w1 rotated left 1 byte, substituted, and exclusive ORed with a constant. CSS_PS6.ppt

  17. AES – putting it all together(source: Pfleeger) • Summary of the four steps. • Notice that in the Mix Columns step the algorithm takes a "right turn," changing from a row (word) orientation to a column structure. CSS_PS6.ppt

  18. Cryptanalysis of the AES • Rijndael has been subjected to extensive cryptanalysis by professional community and so far, no major problems have been noticed. • At the moment, the AES is a very good replacement for the DES. • The regularity of patterns result in good diffusion, • in that small changes in the input have a widespread effect. • However, it might give some clue to an attacker, although that is unlikely! • In future we can anticipate that mathematicians to explore this algorithm and its core area. CSS_PS6.ppt

  19. Public Key Encryption Systems • Proposed in 1976 by Diffie and Hellman: • Each user will need a key that does not have to be kept secret. • The public nature of the key would not hider system's secrecy. • The public key transformation is a one-way encryption with a secret (private) way to decrypt. CSS_PS6.ppt

  20. Characteristicsof Public Key Systems • This is an asymmetric method of encryption system, each user has two keys: a public key and a private key. • The user may publish the public key freely. The keys operate as inverses. Let kPRIV be a user's private key, and let kPUB be the corresponding public key. Then, P= D(KPRIV, E(KPUB,P) CSS_PS6.ppt

  21. Characteristicsof Public Key Systems • … P= D(KPRIV , E(KPUB , P) • So a user can decode with a private key what someone else has encrypted with the corresponding public key. • Also, with the second public key encryption algorithm, P= D(KPUB , E(KPRIV , P) • So a user can encrypt a message with a private key and the message can be decrypted only with the corresponding public key. • These two properties show that public and private keys can be applied in either order. CSS_PS6.ppt

  22. Characteristicsof Public Key Systems • In the literature there is three major types of public key systems: • Merkle–Hellman knapsacks, • RSA encryption, and • El Gamal applied to digital signatures. • We will examine the first two in some detail. CSS_PS6.ppt

  23. Merkle–Hellman Knapsacks • Encryption algorithm based on the knapsack problem described earlier. • The knapsack problem involves a set of positive integers and a target total, with the goal of finding a subset of the integers that sum to the target. • The knapsack problem is NP-complete. CSS_PS6.ppt

  24. Merkle–Hellman Knapsacks • The idea is to encode a binary message as a solution to a knapsack problem, reducing the ciphertext to the target sum obtained by adding terms corresponding to 1s in the plaintext. • Blocks of plaintext will be converted to a knapsack sum by adding into the sum those terms that match with 1 bits in the plaintext. • See example in next slide. CSS_PS6.ppt

  25. Merkle–Hellman Knapsacks(source: Pfleeger) CSS_PS6.ppt

  26. Merkle–Hellman Knapsacks • Before giving the details of the algorithm we define two types of knapsack: • General Knapsacks (hard knapsack) • Superincreasing knapsacks (simple knapsack) CSS_PS6.ppt

  27. General Knapsacks • The knapsack problem examines a sequence a1, a2, …, an of integers and a target sum, T. • The problem is to find a vector of 0s and 1s such that the sum of the integers associated with 1s equals T. • That is, given S = [a1,a2, …, an], and T, find a vector V of 0s and 1s such that: * vi = T CSS_PS6.ppt

  28. Superincreasing knapsacks • Places an additional restriction on the problem: The integers of S must form a superincreasing sequence, • each integer is greater than the sum of all preceding integers. • So, every integer ak would be of the form: CSS_PS6.ppt

  29. Superincreasing knapsacks • The solution is easy to find. • Start with T. Compare the largest integer in S to it. If this integer is larger than T, it is not in the sum, so the corresponding position in V will be 0. • If the largest integer is less than or equal to T, that integer is in the sum, so the corresponding position in V will be 1 and reduce T by the integer. • Repeat for all remaining integers in S. • An example solving a simple knapsack for targets 96 and 95 is shown in next slide. CSS_PS6.ppt

  30. Example of Superincreasing knapsacks Consider the list of integers [17,38,73,4,11,1] The corresponding vector V =(1,0,1,0,1,1) • Solution of a simple knapsack for targets 96 and 95. Source: Pfleeger CSS_PS6.ppt

  31. The Knapsack Problem as a Public Key Cryptographic Algorithm • Each user has a public key, which can be distributed to anyone, and a private key, which is kept secret. • The public key is the set of integers of a (regular/hard) knapsack problem • The private key is a corresponding superincreasing knapsack. • Merkle and Hellman designed a technique for converting a superincreasing knapsack into a regular one. • This was done by changing the numbers in a non-obvious but reversible way. CSS_PS6.ppt

  32. Merkle–Hellman Encryption algorithmTransforming a Superincreasing Knapsack • The encryption transforms a superincreasing knapsack into a (hard) knapsack. Here we learn just how to do that. • First we pick a superincreasing sequence S of m integers. • To do this, first choose an initial (small) integer. Choose the next integer to be larger than the first. Then select an integer larger than the sum of the first two. Continue this process by choosing new integers larger than the sum of all integers already chosen. • For example, CSS_PS6.ppt

  33. Merkle–Hellman Encryption algorithmTransforming a Superincreasing Knapsack Forms such a simple knapsack sequence CSS_PS6.ppt

  34. Merkle–Hellman Encryption algorithmTransforming a Superincreasing Knapsack • After choosing a simple knapsack S = [s1, s2,…,sm], we choose a multiplier wand a modulus n. • The modulus should be a number greater than the sum of all si. • The multiplier should have no common factors with the modulus. • To guarantee this property we can choose a modulus that is a prime number:- • no number smaller than it will have any common factors with it. CSS_PS6.ppt

  35. Merkle–Hellman Encryption algorithmTransforming a Superincreasing Knapsack • Finally, we replace every integer si in the simple knapsack with the term • hi = w * si mod n • Then, H = [h1, h2,..., hm] is a hard knapsack. Both the hard and simple knapsacks will be used in the encryption. CSS_PS6.ppt

  36. Merkle–Hellman Encryption Transformation Example • Example; • Start with the superincreasing knapsack • S = [1, 2, 4, 9] and transform it by multiplying by w and reducing mod n where w = 15 and n = 17: 1 * 15 = 15 mod 17 = 15 2 * 15 = 30 mod 17 = 13 4 * 15 = 60 mod 17 = 9 9 * 15 = 135 mod 17 = 16 The hard knapsack will be H= [15, 13,9,16] CSS_PS6.ppt

  37. Merkle–Hellman Encryption • The plaintext message P can be formed as a binary sequence say: P = [p1, p2,..., pk]. • Divide the message into blocks of m bits, P0 = [pl, p2,..., pm], P1 = [pm+1,..., p2m], and so on. (m is the number of terms in the simple or hard knapsack) • To encipher message P we need a sequence of targets where, • each target is the sum of a combination of the terms of the hard knapsack H. • The selected terms are those corresponding to 1 bits in Piso that Piserves as a selection vector for the elements of H. • Each term of the ciphertext is: • Pi * H, the target derived using block Pi as the selection vector. CSS_PS6.ppt

  38. Merkle–Hellman EncryptionAn Example • Consider the knapsacks S = [1, 2, 4, 9] and H = [15, 13, 9, 16] of previous example with w = 15, n = 17, and m = 4. The public key (knapsack) is H, while S is kept secret. • The message P = 0100101110100101 is encoded with public knapsack H = [15, 13, 9,16] as follows. P = 0100 1011 1010 0101 [0, 1, 0, 0] * [15, 13, 9, 16] = 13 [1, 0, 1, 1] * [15, 13, 9, 16] = 40 [1, 0, 1, 0] * [15, 13, 9, 16] = 24 [0, 1, 0, 1] * [15, 13, 9, 16] = 29 So The message is encrypted as the integers 13, 40, 24, 29, using the public knapsack H = [15, 13, 9, 16]. CSS_PS6.ppt

  39. Knapsack Decryption Algorithm • The recipient knows the simple knapsack and the values of w and n that transformed it to a hard public knapsack. • It determines the value w–1 so that w * w–1 = 1 mod n. In our example, 15–1 mod 17 is 8, • since 15 * 8 mod 17 = 120 mod 17 = [(17 * 7) + 1] mod 17 = 1. • Remember that H is the hard knapsack derived from the simple knapsack S. H is obtained from S by H= w * S mod n CSS_PS6.ppt

  40. Knapsack Decryption Algorithm • Also the ciphertext message produced by the encryption algorithm is: C = H * P = w * S * P mod n • To decipher, multiply C by w–1, since w-1 * C = w-1 * H * P = w-1 * w * S * P mod n= S * P mod n CSS_PS6.ppt

  41. Knapsack Decryption Algorithm • Now the recipient would solve the simple knapsack problem with • knapsack S and target w–1 * Cifor each ciphertext integer Ci. • Since w–1 * Ci = S * P mod n, the solution for target w–1 * Ci is plaintext block Pi , which is the message originally encrypted. QED CSS_PS6.ppt

  42. Example of Decryption • Remember the simple knapsack example was • S = [1, 2, 4, 9], with w = 15 and n = 17. The transmitted messages were 13, 40, 24, and 29. • To decipher, these messages are multiplied by 8 mod 17 since 8 is 15–1 mod 17. • Then we can easily solve the simple knapsacks, as follows: CSS_PS6.ppt

  43. Example of Decryption S = [1, 2, 4, 9], with w = 15 and n = 17. 13 * 8 = 104 mod 17 = 2 = [0,1,0,0]*[1,2,4,9] 40 * 8 = 320 mod 17 = 14 = [1011]= [1,0,1,1] * [1,2,4,9] 24 * 8 = 192 mod 17 = 5 = [1010]= [1,0,1,0] * [1,2,4,9] 29 * 8 = 232 mod 17 =11 = [0101] [0,1,0,1] * [1,2,4,9] The recovered message is thus 0100101110100101 CSS_PS6.ppt

  44. Case study • Investigat the cryptoanalysis of the knapsack algorithms and, • Weaknesses of the Merkle–Hellman Encryption Algorithm. CSS_PS6.ppt

  45. Rivest–Shamir–Adelman (RSA) Encryption • Introduced in 1978 by Rivest, Shamir, and Adelman based on an underlying hard problem. • The RSA algorithm incorporates results from number theory, combined with the difficulty of determining the prime factors of a target. • RSA also operates with arithmetic mod n. CSS_PS6.ppt

  46. RSA Basics • Two interchangeable keys, d and e, are used for decryption and encryption. • The plaintext block P is encrypted as Pe mod n. • The decrypting key d is carefully chosen so that (Pe)d mod n = P. • So, the receiver who knows d can simply compute (Pe)d mod n = P and recovers P without having to factor Pe. CSS_PS6.ppt

  47. RSA Basics • The encryption algorithm is based on the underlying problem of factoring large numbers. • The factorization problem is not believed to be NP-complete; • the fastest known algorithm is exponential in time. CSS_PS6.ppt

  48. Detailed Description of the RSA Algorithm • The RSA algorithm uses two keys, d and e, which work in pairs, for decryption and encryption, respectively. • A plaintext message P is encrypted to ciphertext C by C = Pe mod n • The plaintext is recovered by P = Cd mod n CSS_PS6.ppt

  49. Detailed Description of the RSA Algorithm • Modular arithmetic is symmetric, so encryption and decryption are mutual inverses and commutative. Therefore, P = Cd mod n = (Pe)d mod n = (Pd)emod n • This means that we can apply the encrypting transformation and then the decrypting one, or the decrypting one followed by the encrypting one. CSS_PS6.ppt

  50. RSA: Key Choice • The encryption key consists of the pair of integers (e, n), and the decryption key is (d, n). • This requires to find a very large value for n, a product of two primes p and q. • Both p and q should be large themselves. Typically, about 100 digits each. CSS_PS6.ppt

More Related