Introduction to Block Ciphers

Liam Keliher, Dept. Mathematics and Computer Science, Mount Allison University

Presentation Transcript


  1. Introduction to Block Ciphers
     Liam Keliher
     Dept. Mathematics and Computer Science
     Mount Allison University

  2. Terminology
     • Cryptography: Study of mathematical techniques to provide information security
     • Cryptanalysis: Analysis of cryptographic methods, either to expose weaknesses or to prove strengths
     • Cryptology: Cryptography + Cryptanalysis
     • Primitive: Cryptographic building block – typically a mathematical function of some kind, e.g.,
         • hash function
         • digital signature scheme
         • block cipher

  3. [Figure: plaintext (p), encryption algorithm (key ke), ciphertext (c), decryption algorithm (key kd), plaintext (p); Attacker]
     A block cipher is an encryption/decryption algorithm
     ► parameterized by a (master) key known only to communicating parties
     ► input (plaintext) / output (ciphertext) are n-bit strings (n = block size)

  4. Most Block Ciphers are Product Ciphers
     [Figure: plaintext (p), Round 1, Round 2, Round 3, …, Round R, ciphertext (c); master key k; subkeys k1, k2, k3, …, kR]

  5. Feistel Network
     [Figure: two n/2-bit input halves, round function f with subkey kr, two n/2-bit output halves]
     ► Standard block cipher structure
     ► Consists of multiple rounds (simpler encryption steps)
     ► One round:
         • input is split in half
         • left input half copied to right half of output
         • left input half forms input to round function, which depends on subkey for current round
         • round function output is XORed with right half of input to produce left half of output

  6. SPN-Based Block Ciphers
     Substitution-Permutation Network (SPN):
     ► Consists of multiple encryption rounds
     ► one round = three layers
         • Subkey mixing (XOR)
         • Substitution (s-boxes)
         • Linear transformation

  7. Well-known Block Ciphers
     • Data Encryption Standard (DES)
         • standardized by U.S. government in 1977
         • Feistel network with 64-bit block and 56-bit key
         • extensively cryptanalyzed (led to many new attacks)
     • Advanced Encryption Standard (AES)
         • selected as winner of NIST competition in 2001
         • SPN structure with 128-bit block and 128/192/256-bit key
     • Camellia
         • successor to Japanese AES candidate E2
         • Feistel network in which the round function is a mini SPN

  8. Advanced Encryption Standard (AES)
     • Originally called Rijndael (“Rhine-doll”) from names of designers, Vincent Rijmen and Joan Daemen
     • Number of rounds is based on key size:
         • 128 bits → 10 rounds
         • 192 bits → 12 rounds
         • 256 bits → 14 rounds
     • Widely adopted since 2001
         • arguably the most implemented block cipher today
         • used in Mount Allison’s wireless network

  9. Camellia
     • Block cipher introduced by NTT and Mitsubishi in August 2000
         • used in Sony PSP, WinZIP, OpenSSH, etc.
     • Incorporated into numerous international standards (e.g., ISO/IEC, IETF)
     • Considered competitive with the Advanced Encryption Standard (AES) for security and speed
     • Based on variation of Feistel network design above

  10. Camellia Specifics
     • Block size: N = 128 bits
     • Possible key sizes: 128, 192, 256 bits
     • Number of rounds depends on key size: 128 → 18 rounds / 192 or 256 → 24 rounds
     • Subkeys are same size as input block (128 bits)
     • Round function:
       [Figure: round function with subkey kr, eight s-boxes (S), 64-bit linear transformation]

  11. Breakdown of Camellia Round Function
     [Figure legend]
     • XOR operation (bitwise addition modulo 2)
     • S = substitution box (s-box): invertible mapping {0,1}^8 → {0,1}^8 [needs to be nonlinear]
     • linear transformation; fast way to combine s-box outputs

  12. Differential Cryptanalysis (DC)
     • Based on probability that a plaintext pair with a fixed XOR “difference” will produce an intermediate pair after (R-1) rounds with a fixed XOR difference
         • called differential probability (DP)
         • depends on (unknown) key, but average values can be used
     • Given fixed input/output differences with high DP, and enough captured plaintext-ciphertext pairs, attack can extract some or all of the key
     • DC was first successful attack on the Data Encryption Standard (an ancestor of Camellia)
     • Discovered in 1990 by Biham and Shamir

  13. [Figure: input (plaintext) difference Δp, rounds 1 … (R-1), intermediate difference Δq, round R, output (ciphertext) difference Δc]
     View rounds 1 … (R-1) as a big s-box:
     Want to find (Δx, Δy) such that DP(Δx, Δy) is maximized
     Reason: data complexity (number of p-c pairs required for successful attack) is proportional to inverse of this DP value
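The Feistel round from slide 5, as an added example that is not part of the original presentation: it follows the slide's wiring (left half copied to the right output, f(left) XOR right becomes the left output) and shows that decryption only reverses the subkey order. The 64-bit block size, the SHA-256-based round function and the key schedule are assumptions made for the demo, not any real cipher's design.

```python
import hashlib

HALF_BITS = 32                       # toy block: n = 64 bits, two 32-bit halves
MASK = (1 << HALF_BITS) - 1

def round_function(half, subkey):
    """Hypothetical round function f: truncated SHA-256 of subkey || half.
    It is deliberately non-invertible; a Feistel network does not need f^-1."""
    digest = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def subkeys(master_key, rounds):
    """Hypothetical key schedule: subkey r = SHA-256(master_key || r)."""
    return [hashlib.sha256(master_key + bytes([r])).digest() for r in range(rounds)]

def encrypt_round(left, right, k):
    # Slide 5: the left input half is copied to the right output half, and
    # f(left, k) XOR right becomes the left output half.
    return right ^ round_function(left, k), left

def decrypt_round(left, right, k):
    # The right output half is the old left half, so f can be recomputed on it
    # and XORed off to recover the old right half.
    return right, left ^ round_function(right, k)

def encrypt_block(block, master_key, rounds=8):
    left, right = block >> HALF_BITS, block & MASK
    for k in subkeys(master_key, rounds):
        left, right = encrypt_round(left, right, k)
    return (left << HALF_BITS) | right

def decrypt_block(block, master_key, rounds=8):
    left, right = block >> HALF_BITS, block & MASK
    for k in reversed(subkeys(master_key, rounds)):   # same rounds, reversed subkeys
        left, right = decrypt_round(left, right, k)
    return (left << HALF_BITS) | right

if __name__ == "__main__":
    key = b"constructed demo key"        # constructed sample values
    plaintext = 0x0123456789ABCDEF
    ciphertext = encrypt_block(plaintext, key)
    print(hex(ciphertext), decrypt_block(ciphertext, key) == plaintext)
```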
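The differential probability from slides 12 and 13, computed exhaustively for a single s-box, as an added example that is not part of the original presentation. The two 4-bit s-boxes are constructed for illustration (Camellia's s-boxes are 8-bit), and the linear one shows why slide 11 says an s-box needs to be nonlinear.

```python
def ddt(sbox):
    """Difference distribution table:
    table[dx][dy] = number of inputs x with S(x) XOR S(x XOR dx) == dy."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table

def differential_probability(sbox, dx, dy):
    """DP(dx, dy): fraction of inputs for which input difference dx gives dy."""
    return ddt(sbox)[dx][dy] / len(sbox)

def best_differential(sbox):
    """Return (dx, dy, DP) with the highest DP over nonzero input differences."""
    table, n = ddt(sbox), len(sbox)
    count, dx, dy = max((table[dx][dy], dx, dy)
                        for dx in range(1, n) for dy in range(n))
    return dx, dy, count / n

def pairs_needed(dp, constant=1.0):
    """Data complexity is proportional to 1/DP (slide 13).
    The constant depends on the attack and is an assumption here."""
    return constant / dp

# Constructed sample inputs: a nonlinear 4-bit bijection and a linear one
# (rotate the four bits left by one position).
NONLINEAR_SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
                  0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
LINEAR_SBOX = [((x << 1) | (x >> 3)) & 0xF for x in range(16)]

if __name__ == "__main__":
    for name, sbox in (("nonlinear", NONLINEAR_SBOX), ("linear", LINEAR_SBOX)):
        dx, dy, dp = best_differential(sbox)
        print(f"{name}: best ({dx:#x} -> {dy:#x}) DP={dp}, "
              f"pairs ~ {pairs_needed(dp):.0f} x constant")
```

For the linear map every input difference leads to exactly one output difference, so its best DP is 1 and a differential passes through it for free; a cipher designer wants the maximum DP of each s-box, and of rounds 1 … (R-1) taken as one "big s-box", to be as small as possible.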
