470 likes | 598 Views
Chapter 4. Confidentiality – Symmetric Encryption. Session 2 – Contents. Types of Crypto Systems Symmetric Encryption Stream Cipher Block Cipher Systems Asymmetric encryption Basic Theory of Enciphering Shift Registers Linear Shift Registers Non-Linear Combinations of LFSR Devices
E N D
Chapter 4 Confidentiality – Symmetric Encryption
Session 2 – Contents • Types of Crypto Systems • Symmetric Encryption • Stream Cipher • Block Cipher Systems • Asymmetric encryption • Basic Theory of Enciphering • Shift Registers • Linear Shift Registers • Non-Linear Combinations of LFSR Devices • Key Generators • Block Ciphers • Data Encryption Standard (DES) (FIPS 46-3) • Modes of Operation (FIPS 81) • Triple DES (FIPS 46-3 and ANXI X9.52) • Advanced Encryption Standard (AES)
What is Confidentiality? • confidentiality / Protection against unauthorized individuals reading information that is supposed to be kept private. Confidentiality is achieved by enciphering the information using encryption algorithms.
Confidentiality and its Security Mechanisms Confidentiality Protection of data from unauthorized disclosure Encryption Algorithms Symmetric Asymmetric Stream Ciphers Block Cipher Public-Key Pohlig Hellman DES AES RSA Synchronous OFB 3DES Blowfish ElGamal Self-Synchronous CFB MARS RC5 Schnorr ECC RC4 CAST IDEA
Types of Crypto Systems • Symmetric Cryptography – Secret Key • A single key serves as both the encryption and the decryption key. • Initial arrangements need to be made for individuals to share the secret key. • Stream Ciphers and Block Ciphers (DES, AES) • Asymmetric Cryptography – Public-Key • One key is used to encipher and another to decipher. • Privacy is achieved without having to keep the enciphering key secret because a different key is used for deciphering. • Pohlig Hellman, Schnorr, RSA, ElGamal, and Elliptic Curve Cryptography (ECC) are popular asymmetric crypto systems.
As the market requirements for secure products has exponentially increased, our strategy will be to …. As the market requirements for secure products has exponentially increased, our strategy will be to …. Asdfe8i4*(74mjsd(9&*nng654mKhnamshy75*72mnasjadif3%j*j^3cdf(#4215kndh_!8g,kla/”2acd:{qien*38mnap4*h&fk>0820&ma012M Symmetric Key Crypto System • Security is based on the secret key, not on the encryption algorithm. • The sharing of secret keys is necessary. • Strengths: Fast, good for encrypting large amounts of data. • Weakness: Key delivery. • There are two types of symmetric crypto systems: Stream Cipher (RC4) and Block Ciphers (DES, AES, RC5, CAST, IDEA). Secret Key Ciphertext Plaintext Plaintext Encryption Algorithm Encryption Algorithm Encipher Decipher
As the market requirements for secure products has exponentially increased, our strategy will be to …. As the market requirements for secure products has exponentially increased, our strategy will be to …. Asdfe8i4*(74mjsd(9&*nng654mKhnamshy75*72mnasjadif3%j*j^3cdf(#4215kndh_!8g,kla/”2acd:{qien*38mnap4*h&fk>0820&ma012M Encipher Decipher Asymmetric Key Crypto System(Public Key Algorithm) • Public key encryption involves two mathematically related keys. • Either key can be used to encipher. • One of the keys can be made public and the other kept private. • Strengths: No key delivery issues, can be used for non-repudiation. • Weakness: Slow, inefficient for large amounts of data, computationally expensive. • Algorithms: RSA, ElGamal, Schnorr, Pohlig-Hellman, Elliptic Curve Cryptography. • Used mainly for key exchange or digital signatures. One Key to Encipher Another Key to Decipher Ciphertext Plaintext Plaintext Encryption Algorithm Encryption Algorithm
1 1 0 1 0 1 0 0 1 1 0 0 1 0 1 Stream Ciphers • Plaintext is broken up into successive bits, and each one is enciphered with a bit from a keystream • If the key stream repeats itself after n characters, the stream is periodic; otherwise, it is non-periodic. • Types of Stream Ciphers • Synchronous stream cipher • Self-synchronous stream cipher Output One-time Keypad
Key Stream Key Stream Ciphertext Plaintext Plaintext + + Encryption AlgorithmModulo 2 Adder Encryption AlgorithmModulo 2 Adder Decipher Encipher Stream Cipher Encryption Using Modulo-2 Modulo 2 Adder 1 + 0 = 1 1 + 1 = 0 0 + 1 = 1 0 + 0 = 0 Enciphering Plaintext 1 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0 Keystream 1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1 Ciphertext 0 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1 Deciphering Ciphertext 0 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1 Keystream 1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1 Plaintext 1 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0
Cryptographic Variables (CV) Cryptographic Variables (CV) Key Generator Key Generator Synchronization Initialization Vector (IV) Initialization Vector (IV) Key Stream Key Stream Ciphertext Plaintext Plaintext + + Encryption AlgorithmModulo 2 Adder Encryption AlgorithmModulo 2 Adder Decipher Encipher Symmetric Key Stream Cipher • Key stream generated independently of the cleartext or cipher text. • Crypto variable and initialization vector required. • Periodic key stream
A bit is not received correctly (bit flip) Enciphering Plaintext 1 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0 Keystream 1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1 Ciphertext 0 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1 Deciphering Ciphertext 1 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1 Keystream 1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1 Plaintext 0 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0 A bit is missing Enciphering Plaintext 1 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0 Keystream 1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1 Ciphertext 0 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1 Deciphering Ciphertext 0 0 1 0 1 1 1 0 0 1 1 0 0 1 0 1 Keystream 1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1 Plaintext 1 0 0 1 1 1 0 1 1 1 1 1 0 1 0 0 0 Bit Flip and Missing Bits Modulo-2 Adder 1 + 0 = 1 1 + 1 = 0 0 + 1 = 1 0 + 0 = 0
+ + Self-Synchronous Stream Cipher Cryptographic Variables (CV) Cryptographic Variables (CV) Key Generator Key Generator N-bit Feedback Shift Register Key Stream Key Stream Plaintext Ciphertext Plaintext Encipher Decipher • Keystream function of the ciphertext • Allows late entry. • Non-periodic Key stream.
Perfect Crypto System • From the theoretical point of view, the only system that offers perfect secrecy is the one in which the keystream is • totally random, • infinitely long, • and used only one time. • A perfect crypto system is achieved only with Vernam's cipher, the One-Time key, in which the keystream is random, is as long as the message, and is used only one time. • However, Vernam's cipher system is not widely used because of the following problems: • The length of the key is as long as the plaintext and can be cumbersome. • There is an immense volume of key material that needs to be sent to the receiver. • The cryptographer needs to find a safe way of letting the recipient know the key that was used to encipher the message.
Perfect Key Generator Starting position 1 • Infinite Number of Crypto Variables (Keys) • 56, 64, 128, 256, 512, 1028, 2056 bits • Random Keystream • A pseudorandom keystream that is random for all statistical tests, but which can be re-created by the same type of key generator when the same crypto variables are loaded in both key generators. • Infinite Cycle Length • Random Starting Places • Random Starting Places (Message Key, Initialization Vector). With many different message keys (starting positions in the key generator), the probability that the key used to encipher a message is used only one time is very high. This is one of the most important of Vernam's conditions for a perfect keystream. • Fail Safe-Alarms. 1 1 0 1 0 1 Key Variable 1 0 0 1 1 0 0 1 0 1 Cycle Length Starting position 10 40 0 1 0 0 1 1 Key Variable 2128 0 0 1 1 1 0 0 0 1
Advantages They produce sequences of 1s and 0s. Identical shift registers with the same initial input behave alike and produce exactly the same outputs. They easily produce long cycles. Their outputs are statistically balanced. They have well known properties. Disadvantages They are described by a single recursion equation. Previous stages are easily calculated. In the initial starting condition, all zeros must be avoided to prevent collapse. Setting at least one of the stages to 1 prevents this problem. Improper selection of the feedback taps may not produce maximum length periods. Linear Shift Register
+ + + + + + + + Linear Feedback Shift Registers (LFSR) S3 Sn-1 Sn S1 S2 The polynomial f(x) of any shift register, called the Characteristic Polynomial, can be determined as the sum of the values of CiXi for which the Si stage is fed back into the modulo-2 adder. C1 C2 C3 Cn-1 Cn S3 Sn-1 Sn S1 S2 Co X0 C1 X1 C2 X2 C3 X3 Cn-1 Xn-1 Cn Xn
1 0 1 1 0 1 0 1 0 0 1 0 + 0 0 0 1 0 0 0 0 Shift Register Theory Modulo-2 Adder 1 + 0 = 1 1 + 1 = 0 0 + 1 = 1 0 + 0 = 0 x 0 x1 x2 x3 x4 Step 1 0 0 0 1 Step 2 Step 3 f(x) = 1 + x + x4 Step 4 Clock States Clock States (Initial) 0 0 0 1 1 1 0 0 0 10 0 1 1 0 2 1 1 0 0 11 0 0 1 1 3 1 1 1 0 12 1 0 0 1 4 1 1 1 1 13 0 1 0 0 5 0 1 1 1 14 0 0 1 0 6 1 0 1 1 15 0 0 0 1 7 0 1 0 1 16 1 0 0 0 8 1 0 1 0 17 1 1 0 0 9 1 1 0 1 18 1 1 1 0 Characteristic Polynomial of a Shift Register Maximum length of a four-stage shift register: Period = 15 = 2 4 –1 Number of “ones = 2 4 – 1 Number of “zeros” = 2 4 – 1 –1
+ + + + Shift Register Theory Modulo-2 Adder 1 + 0 = 1 1 + 1 = 0 0 + 1 = 1 0 + 0 = 0 x 0 x1 x2 x3 x4 x 0 x1 x2 x3 x4 0 0 0 1 0 0 0 1 f(x) = 1 + x2 + x4 f(x) = 1 + x + x2 + x3 + x4 Clock States (Initial) 0 0 0 1 1 1 0 0 0 2 0 1 0 0 3 1 0 1 0 4 0 1 0 1 5 0 0 1 0 6 0 0 0 1 Clock States (Initial) 1 0 1 1 1 1 1 0 1 2 0 1 1 0 3 1 0 1 1 Clock States (Initial) 0 0 0 1 1 1 0 0 0 2 1 1 0 0 3 0 1 1 0 4 0 0 1 1 5 0 0 0 1 If an LFSRs doesn’t have maximum length, the initial conditions (the initial sequence loaded into the shift register) determine which sequence is generated and the period of such sequence. In any LFSR, the feedback connections determine whether the sequence will be maximum or not.
Shift Register Properties • A Shift Register produces sequences that depend upon the number of stages, feedback tap connections, and initial conditions. • The succession of states in a Shift Register is periodic, with a period p £ 2n - 1, where n is the number of stages. The value of p depends on the feedback coefficients, but a period of (2n - 1) can sometimes be achieved. • A sequence generated by an n-stage Shift Register is said to have maximum length if its period is p = 2n - 1. This maximum length holds, no matter what the initial state of the shift register is. Also, if a Shift Register sequence has a period of p = 2n - 1, then every possible binary vector (except all zeros) of length n occurs exactly once in each period. • In any LFSR, the feedback connections determine whether the sequence will be maximum or not. • In LFSRs with reducible characteristic polynomials (non-maximal sequences), the initial conditions (the initial sequence loaded into the shift register) determine which sequence is generated and the period of such sequence.
Shift Register Properties • If all the exponents of a polynomial are even, then the characteristic polynomial is reducible, and it can’t have a maximum length sequence; e.g., the characteristic polynomial is reducible. • If a shift register sequence has maximum length, its characteristic polynomial is irreducible; however, the converse of this property does not hold true. There actually are irreducible polynomials which correspond to no maximum-length sequences. • If the characteristic polynomial of a LFSR is primitive, the shift register sequence has maximum length. • A maximum length sequence cannot be generated from a Shift Register that has an odd number of taps because this means that f(x) is divisible by(x - 1). • The number of ways to achieve maximum length (p = 2n - 1) in a Shift Register is given by
Shift Register Properties • If a sequence has an irreducible characteristic polynomial of degree n, the period of the sequence is a factor of 2n - 1, and it may or may not be maximum. The period is always the same, regardless of the initial state. However, if the maximal length, p = 2n - 1, is prime, every irreducible polynomial of degree n corresponds to a shift register sequence of maximum length. When p = 2n - 1 is prime, it is known as Mersenne Prime. • If a sequence has an irreducible characteristic polynomial of degree n, its maximum length does not depend on the initial conditions, except for the initial condition, "all 0s." • If a sequence has a primitive characteristic polynomial of degree n, its period is the smallest positive integer p for which the characteristic polynomial f(x) divides xp - 1, modulo 2.
+ + + + + + Non-Linear Combination of LFSR Devices LFSR 1 0 0 0 1 1 Initialization Vector Key Generator LFSR 2 0 0 0 1 Key Stream LFSR 3 Key Stream Ciphertext Plaintext 0 0 0 Maximum Length LFSR 1 25 – 1 = 31 LFSR 1 24 – 1 = 15 LFSR 1 23 – 1 = 7 Replace LFSR 1 for a six stage SR Maximum Length = 26 – 1 = 63 Maximum Length = 31 x 15 x 7 = 3255
Gears and Shift Registers When will the marked teeth return to their original position? 15, 31, 127
Block Cipher • Encryption algorithm is used to transform x bits of Plaintext into x bits of ciphertext. • Every bit of the plaintext has an effect on every bit of the ciphertext. • Each block is independent, no influence between blocks. • Identical plaintext blocks produce identical ciphertext blocks. • Error in ciphertext has an effect only on that block. • Types of Block Ciphers • DES Electronic Code Book • DES Cipher Block Chaining • Advanced Encryption Standard
Block Cipher Cipher Block Crypto Variables PlaintextBlock Crypto Variables Block Cipher Algorithm Block Cipher Algorithm cipher block Plaintext Blocks Block Size DES: 64-bit AES: 128-bit Encipher Decipher
Data Encryption Standard (DES) • Approved in 1977. • Enciphers a 64-bit block of plaintext into a 64-bit block of ciphertext, under the control of a 64-bit crypto variable where 56 bits are the key and 8 bits are used for parity. • Uses transposition and substitution. • Has 16 separate rounds of encipherment. Each round involves operations with a different 48-bit key developed from the original 64-bit cryptographic key. • Distributed.Net, a worldwide coalition of computer enthusiasts, worked with EFF's DES Cracker and a global network of nearly 100,000 PCs in 1998 and broke a DES 56-bit key in 22 hours and 15 minutes.
f f f f + + + + INPUT DES -Steps Initial Permutation L0 R0 Perform an initial permutation on the bit string according to a function derived from the encryption key. Perform a set of constant substitution functions using 8 S-boxes (4 x 16 matrix) followed by the permutation. Split the 64-bit permuted block of data into 32-bit halves and expand the 32- bit string to 48 bits. Encipher the right half with an encryption key, using 48 bits of the original 56-bit of the encryption key. Repeat the whole set of functions 16 times with a different encryption key every time. Perform a final permutation, the inverse of the initial permutation. Key 1 L1 = R0 R1 = L0 + f (R0 +K1) Key 2 L2 = R1 R2 = L1 + f (R1 +K2) Key n L15 = R14 R15 = L14 + f (R14 +K15) Key 16 R16 = L15 + f (R15 +K16) L16 = R15 Inverse Initial Permutation INPUT
Advanced Encryption Standard • In September 1997, the NIST issued a Federal Register Notice soliciting encryption algorithms to replace the DES. • Fifteen algorithms were presented and five were selected for the second round: • MARS, submitted by IBM (United States). • RC6, submitted by RSA Laboratories (United States). • Rijndael, submitted by Joan Daemen and Vincent Rijmen (Belgium). • Serpent, submitted by Ross Anderson (United Kingdom), Eli Biham (Israel), and Lars Knudsen (Norway). • Twofish, submitted by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson (United States). • On October 2, 2000, the NIST announced that it had selected Rijndael for the AES. • The standard became effective May 26, 2002. • The AES can be used by U.S. government organizations to protect secret and top secret (classified) information.
AES • Symmetric block cipher that uses cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data blocks of 128 bits. • Substitution and linear transformation are done with different numbers of rounds depending on the key size: 10 (128 bits), 12 (192 bits) or 14 (256 bits). • A data block to be processed using the AES is partitioned into an array of bytes, and each of the cipher operations is byte-oriented. • The AES encryption consists of the following: • Key expansion • An initial round key addition • Several rounds of ByteSub, ShiftRow, MixColumn, and AddRoundKey • Final round of ByteSub, ShiftRow, and AddRoundKey • The S-box has a mathematical structure, based on the combination of inversion over a Galois field and an affine transformation. Although this mathematical structure might conceivably aid an attack, the structure is not hidden as would be the case for a trapdoor. If the S-box were suspected of containing a trapdoor, then the S-box could be replaced.
…. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 Input bit sequence …. Byte number …. 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 State Array Block Length = 128 bits = 16 bytes 1 2 0 Bit number in bytes Byte 0 Byte 8 Byte 12 Byte 4 S0,0 S0,1 S0,2 S0,3 in0 in4 in8 in12 Byte 1 Byte 5 Byte 9 Byte 13 S1,0 S1,1 in1 in5 S1,2 S1,3 in9 in13 Byte 2 Byte 6 Byte 10 Byte 14 S2,0 S2,1 S2,2 in2 in6 in10 S2,3 in14 Byte 3 Byte 7 Byte 11 Byte 15 S3,1 S3,3 in15 S3,0 S3,2 in3 in7 in11 Bytes Array Input Bytes Array State Array
AES Standard Round Transformations Round transformations are composed of four steps • SubByte: A nonlinear substitution that replaces the bytes in the State Array by the byte determined by the row and column intersection in a substitution box, S-box. Provides non-linearity. • ShiftRow: Rows of the State Array are shifted for inter-column diffusion (linear mixing). • MixColumn: Every column in the State Array is transformed using a matrix multiplication for inter-byte diffusion within columns (linear mixing). In the last round, the column mixing is omitted. • Round Key Addition: Subkey bytes are XORed into each byte of the array.
AES Implementation Key Plaintext Key Expansion(Nr + 1 ) Initial RoundAddRoundKey K(0) Standard RoundSubBytesShiftRowsMixColumnsAddRoundKey N r - 1 K(1)...K(Nr-1) Final RoundSubBytesShiftRowsAddRoundKey K(Nr) Ciphertext Picture from: http://home.ecn.ab.ca/~jsavard/crypto/co040401.htm
Key Expansion • The AES algorithm takes the Cipher Key, K, and performs a Key Expansion routine to generate a key schedule. • Key Expansion routine generates a total of Nb (Nr +1) words. • Nb is equal to number of columns in the data block. For a data block of 128 bits, Nb is equal to 4 • Nr is the number of rounds • For a data block and Cipher Key of 128 bits, it generates 4 x (10 + 1) = 44 words • The Cipher Key becomes the first words. All other words are calculated using the following transformation: temp = SubWord(RotWord (temp)) xor Rcon [ i / nk] w0w1w2w3 Cipher Key : 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c w40 w41 w42 w43 w4 w5 w06 w7 w0 w1 w2 w3 2b 28 ab 09 For a 128-bit Data Block and Cipher Key 7e ae f7 cf ••••• 15 d2 15 4f 3c 16 a6 88 K0 K1 K10
S-Box S-Box S0,0 S0,1 S0,2 S0,3 S’0,0 S’0,1 S’0,2 S’0,3 S1,0 S1,1 S1,2 S1,3 S’1,0 S’1,1 S’1,2 S’1,3 S2,0 S2,1 S2,2 S2,3 S’2,0 S’2,1 S’2,2 S’2,3 S3,1 S3,0 S3,2 S3,3 S’3,1 S’3,3 S’3,0 S’3,2 State Array State’ Array SubBytes Transformation S1,1 = 0 1 0 10 0 1 1 = S{53} S’1,1 = S’{ed} = 1 1 1 01 1 0 1
ShiftRows Transformation S0,0 S0,1 S0,2 S0,3 S’0,0 S’0,1 S’0,2 S’0,3 S1,0 S1,1 S1,2 S1,3 S’1,1 S’1,2 S’1,3 S’1,0 S2,0 S2,1 S2,2 S2,3 S’2,2 S’2,3 S’2,0 S’2,1 S3,1 S3,3 S3,0 S3,2 S’3,0 S’3,2 S’3,3 S’3,1 The bytes in the last three rows of the State Array are shifted 1, 2, or 3 times to the left.
S0,1 S’0,1 S1,1 S’1,1 S2,1 S’2,1 S3,1 S’3,1 X MixColumns Transformation MixColumn S0,0 S0,2 S0,3 S’0,0 S’0,2 S’0,3 S1,0 S1,2 S1,3 S’1,0 S’1,2 S’1,3 S2,0 S2,2 S2,3 S’2,0 S’2,2 S’2,3 S3,3 S3,0 S3,2 S’3,3 S’3,0 S’3,2 State Array The MixColumns transformation treats each column as a four term polynomial over GF(28) and multiplied modulo x4 + 1 with a fixed polynomial a(x), given by s’(x) = a(x) s(x)
AddRoundKey Transformation In the AddRoundKey transformation, every entry in the State Array is XOR with its corresponding entry in the cipher sub-key. Input = {32} = 00110010 Cipher Key = {2b} = 00101011 State Array = {19} = 00011001 Modulo-2 Adder (XOR) 1 + 0 = 1 1 + 1 = 0 0 + 1 = 1 0 + 0 = 0 32 88 31 e0 19 a0 9a e9 2b 28 ab 09 3d f4 43 5a 31 37 7e ae c6 f8 f7 cf + = e3 e2 8d f6 30 98 07 15 d2 15 48 4f XOR 2b 08 a8 8d a2 34 3c be 2a 16 a6 88 State Array (Before the Transformation) Cipher Key Array State Array (After the Transformation)
AES Advanced Validation Suite • The AES Advanced Validation Suite provides the basic design and configuration of a battery of tests designed to perform automated tests on an AES implementation. • The battery of tests includes the following: • Known Answer Test (KAT) • Multi-block Message Test (MMT) • Monte Carlo Test (MCT). • The successful completion of the tests as they are described in the AES Advanced Validation Suite is required to claim conformance to the Advanced Encryption Standard FIFS 197.
Block Cipher Modes of Operation Electronic Code Book (ECB) EBC Encryption EBC Decryption Plaintext Ciphertext • Basic mode; x-bit block input, x-bit block output. • Identical plaintext blocks produce identical ciphertext blocks. • Same as a code book. • Easier to cryptoanalyze. • One bit error propagates over the x-bit block. Input Block Input Block CIPHK CIPHK Output Block Output Block Ciphertext Plaintext
+ + + + + + Cipher Block Chaining (CBC) InitializationVector Plaintext 1 Plaintext 2 Plaintext n Input Block 1 CIPHK Output Block 1 Input Block 2 CIPHK Output Block 2 Input Block n CIPHK Output Block n Encrypt Ciphertext 1 Ciphertext 2 Ciphertext n Ciphertext 1 Ciphertext 2 Ciphertext n Input Block 1 CIPH-1K Output Block 1 Input Block 2 CIPH-1K Output Block 2 Input Block n CIPH-1K Output Block n Decrypt InitializationVector Plaintext 1 Plaintext 2 Plaintext n
+ + + + + + Cipher Feedback (CFB) Mode InitializationVector Input Block 1 CIPHK Output Block 1 Select Discard s Bits (b–s) bits Input Block 2 (b-s) Bits s Bits CIPHK Output Block 2 Select Discard S Bits (b–s ) bits Input Block n (b-s) Bits s Bits CIPHK Output Block n Select Discard s Bits (b–s) bits Encrypt Plaintext 1 Plaintext 2 Plaintext n Ciphertext 1 Ciphertext 2 Ciphertext n InitializationVector Input Block n (b-s) Bits s Bits CIPHK Output Block 2 Select Discard s Bits (b–s) bits Input Block 1 CIPHK Output Block 1 Select Discard s Bits (b–s) bits Input Block 2 (b-s) Bits s Bits CIPHK Output Block 2 Select Discard s Bits (b–s) bits Decrypt Ciphertext 1 Ciphertext 2 Ciphertext n Plaintext 1 Plaintext 2 Plaintext n
+ + + Input Block 1 CIPHK Output Block 1 Input Block 2 CIPHK Output Block 2 Input Block n CIPHK Output Block n + + + Output Feedback (OFB) Mode InitializationVector Input Block 1 CIPHK Output Block 1 Input Block 2 CIPHK Output Block 2 Input Block n CIPHK Output Block n Encrypt Plaintext 1 Plaintext 2 Plaintext n Ciphertext 1 Ciphertext 2 Ciphertext n InitializationVector Decrypt Ciphertext 1 Ciphertext 2 Ciphertext n Plaintext 1 Plaintext 2 Plaintext n
+ + + Input Block 1 CIPHK Output Block 1 Input Block 2 CIPHK Output Block 2 Input Block n CIPHK Output Block n + + + Counter (CTR) Mode Counter 2 Counter n Counter 1 Input Block 1 CIPHK Output Block 1 Input Block 2 CIPHK Output Block 2 Input Block n CIPHK Output Block n Encrypt Plaintext 1 Plaintext 2 Plaintext n Ciphertext 1 Ciphertext 2 Ciphertext n Counter 2 Counter n Counter 1 Decrypt Ciphertext 2 Ciphertext n Ciphertext 1 Plaintext 1 Plaintext 2 Plaintext n
Block Cipher Multiple Encryption • Double DES with two crypto variables • Triple DES with two crypto variables • Triple DES with three crypto variables
MessageBlock2 MessageBlockn MessageBlock1 IV + + + C C K K 1 1 ~~ C K 3 Block Cipher 2 Block Cipher n Block Cipher 1 IP Encryption IPSec uses a DES encryption algorithm with three crypto variables in the Cipher Block Chaining mode to encipher the IP packets. Or, IPSec uses a 3DES-CBC to encipher the IP packets.
To Probe Further • Golomb, S. (1967). Shift Register Sequences. San Francisco: Holden-Day Publishers • Articles related to Solomon W. Golomb Shift Register Sequences http://citeseer.nj.nec.com/nrelatedgid/35609 • Data Encryption Standard (DES) Federal Information Standards Publication FIPS PUB 46-3. http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf • DES Modes of Operation http://csrc.nist.gov/publications/fips/fips81/fips81.htm • Advanced Encryption Standard (AES) web site http://csrc.nist.gov/encryption/aes/ • Rijndael Home Page, Authors: Joan Daemen, Vicent Rijmem http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ • Encryption Standards: AES vs. DES, Author: Gerwin Sturm, 2000 http://stud3.tuwien.ac.at/~e9825530/computerscience/aes/ • Randomness Recommendations for Security http://www.ietf.org/rfc/rfc1750.txt?number=1750
To Probe Further • The AES Algorithm Validation Suite document specifies the procedures involved in validating implementation of the Advanced Encryption Standard (AES) algorithm in FIPS 197. Author: Lawrence E. Bassham III, 2002 http://csrc.nist.gov/cryptval/aes/AESAVS.pdf • AES Matlab Implementation, Author: Jörg Buchholz • This documentation describes a Matlab implementation of the Advanced Encryption Standard (AES) http://www.mathworks.co.uk/matlabcentral/fileexchange/loadFile.do?objectId=1190&objectType=file • A Specification for Rijndael Algorithm, Author: Dr. Brian Gladman, 2002 http://fp.gladman.plus.com/cryptography_technology/rijndael/aesspec.pdf