
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” — Gene Spafford [Prof. Comp. Sc. ,Purdue university USA]. RC6 AS AES. Ronald L. Rivest M.J.B. Robshaw Yiqun Lisa Yin Ray Sidney Presented by


Presentation Transcript


  1. “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” — Gene Spafford [Prof. Comp. Sc., Purdue University, USA]
     NETWORK SECURITY

  2. RC6 AS AES
     Ronald L. Rivest, M.J.B. Robshaw, Yiqun Lisa Yin, Ray Sidney
     Presented by HARISH KUMAR LOHAR, 2005H103020

  3. Outline
     • What is AES
     • Candidates for AES
     • Design Issues
     • RC6 – Introduction
     • RC6 – Detail
     • Performance
     • Security
     • Comparison with RIJNDAEL
     • Conclusion

  4. What is AES?
     • The AES was issued as FIPS PUB 197 by NIST. The AES algorithm was selected in October 2001 and the standard was published in November 2002.
     • NIST's intent was to have a cipher that will remain secure well into the next century.
     • AES supports key sizes of 128 bits, 192 bits, and 256 bits, in contrast to the 56-bit keys offered by DES.

  5. Candidates for AES
     • MARS
         • IBM; key size 448 bits; 16 rounds; integer addition and bitwise XOR.
     • RC6
         • RSA Laboratories.
     • SERPENT
         • Ross Anderson [UK], Eli Biham [Israel], Lars Knudsen [Norway]; 32 rounds; S-boxes same as DES.
     • TWOFISH
         • Submitted by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson (United States); Blowfish, Feistel network, complex and difficult to analyze.
     • RIJNDAEL
         • Joan Daemen and Vincent Rijmen (Belgium)
         • Fast, simple, secure, versatile
         • Rijndael is unconventional in that its blocks are matrices of elements i.
         • In the 128-bit version: 10 rounds. In each round the individual bytes are transformed, the rows are rotated, and the columns are multiplied by a constant matrix, followed by XORing the resulting array with a round key.

  6. Design Issues
     • Security, simplicity, versatility.
     • Use data-dependent rotations to achieve a high level of security.
     • Adapt RC5 to meet AES requirements.
     • Take advantage of a new primitive for increased security and efficiency.
     • 32x32 multiplication, which executes quickly on modern processors, to compute rotation amounts.

  7. RC6 - Introduction
     • RSA Laboratories (United States).
     • RC6 is a parameterized, fast and simple algorithm based on the well-trusted RC5 cipher.
     • Submission consists of 20 rounds.
     • Uses 32-bit variable rotations and integer multiplications.
     • Uses four 32-bit registers.
     • RC6-w/r/b [w – word size, r – rounds, b – key size in bytes]
     • Operations
         • a + b: integer addition modulo 2^w
         • a - b: integer subtraction modulo 2^w
         • a xor b: bitwise exclusive-or of w-bit words
         • a x b: integer multiplication modulo 2^w
         • a <<< b: rotate the w-bit word a to the left by the amount given by the least significant lg w bits of b
         • a >>> b: rotate the w-bit word a to the right by the amount given by the least significant lg w bits of b

  8. Key Schedule
     Input:  User-supplied b-byte key preloaded into the c-word array L[0, ..., c - 1]
             Number r of rounds
     Output: w-bit round keys S[0, ..., 2r + 3]
     Procedure:
         S[0] = Pw
         for i = 1 to 2r + 3 do
             S[i] = S[i - 1] + Qw
         A = B = i = j = 0
         v = 3 x max{c, 2r + 4}
         for s = 1 to v do {
             A = S[i] = (S[i] + A + B) <<< 3
             B = L[j] = (L[j] + A + B) <<< (A + B)
             i = (i + 1) mod (2r + 4)
             j = (j + 1) mod c
         }
     P32 = B7E15163 and Q32 = 9E3779B9 (hexadecimal)

  9. Encryption
     Input:  Plaintext stored in four w-bit input registers A, B, C, D
             Number r of rounds
             w-bit round keys S[0, ..., 2r + 3]
     Output: Ciphertext stored in A, B, C, D
     Procedure:
         B = B + S[0]
         D = D + S[1]
         for i = 1 to r do {
             t = (B x (2B + 1)) <<< lg w
             u = (D x (2D + 1)) <<< lg w
             A = ((A xor t) <<< u) + S[2i]
             C = ((C xor u) <<< t) + S[2i + 1]
             (A, B, C, D) = (B, C, D, A)
         }
         A = A + S[2r + 2]
         C = C + S[2r + 3]

  10. Decryption
      Input:  Ciphertext stored in four w-bit input registers A, B, C, D
              Number r of rounds
              w-bit round keys S[0, ..., 2r + 3]
      Output: Plaintext stored in A, B, C, D
      Procedure:
          C = C - S[2r + 3]
          A = A - S[2r + 2]
          for i = r downto 1 do {
              (A, B, C, D) = (D, A, B, C)
              u = (D x (2D + 1)) <<< lg w
              t = (B x (2B + 1)) <<< lg w
              C = ((C - S[2i + 1]) >>> t) xor u
              A = ((A - S[2i]) >>> u) xor t
          }
          D = D - S[1]
          B = B - S[0]

  11. RC6 Round

  12. Security
      • Exhaustive search: 2^{8b} to 2^{1408}
      • Meet-in-the-middle attack: 2^{704}
      • Chance that two 256-bit keys will yield the same key array: 2^{2x256 - 44x32} = 2^{-896} ≈ 10^{-270}
      • No timing attacks since rotations are data dependent.
      • No known weak keys.
      • No known related-key attacks.
      • Round keys appear to be a “random” function of the supplied key.
      • Bonus: key expansion is quite “one-way”: it is difficult to infer the supplied key from the round keys.

  13. Performance
      • CPU cycles / operation [200 MHz processor]

                        Java      Borland C   Assembly
          Key Setup     110000    2300        1108
          Encryption    16200     616         254
          Decryption    16500     566         254

      • Encryption rate [Megabits/sec]

                        Java      Borland C   Assembly
          Encryption    1.57      41.5        100.8
          Decryption    1.55      45.2        100.8

      • On 8-bit processor Intel MCS51 (1 MHz clock)
          • Encrypt/decrypt at 9.2 Kbits/second (13535 cycles/block)
          • Key setup in 27 milliseconds
          • Only 176 bytes needed for table of round keys.
          • Fits on smart card (< 256 bytes RAM).

  14. RC6 – why not chosen?
      • On 8-bit processors, RC6 does not generally perform as well as some of the other AES finalists.
      • The ultra-secure key schedule had an impact on the key agility of the cipher.
      • The key schedule and the use of multiplication added some complexity to hardware implementations and impacted hardware performance.
      • The performance profile of RC6 on 64-bit machines was volatile. On some processors, RC6 easily out-performed all other finalists. Yet, on Intel’s IA-64 architecture, surprisingly poor support for multiplication meant that the performance of RC6 was hindered.

  15. RC6 Vs RIJNDAEL
      • RIJNDAEL WINS:
          • 8-bit platforms
          • hardware implementations ..[but ASIC]
      • CLOSE FIGHT:
          • DSP
          • FPGAs
      • RC6 WINS:
          • ARMs, PENTIUM II, PRO, III AND POWER PC
          • ADVANCE PROCESSOR
          • JAVA PLATFORM
          • CODE SIZE AND MEMORY REQUIREMENTS
      “RC6 was beyond a doubt the easiest candidate to implement on a 32 bits machine, as is illustrated by its incredibly short code. On a speed point of view, RC6 is impressive too.” – Hachez, Koeune, and Quisquater

  16. AES Submission Panel
      From left to right: Ross Anderson, Ron Rivest, Vincent Rijmen, Bruce Schneier, and Shai Halevi
      Source: http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/submitters1.jpg

  17. Conclusion
      • SIMPLE
      • SECURE
      • FAST
      • COMPACT
      • FUTURE
      “IMPOSSIBLE IS SOMETHING UNTRIED”

  18. Glossary
      • NIST – National Institute of Standards and Technology.
      • AES – Advanced Encryption Standard.
      • RC – Rivest Cipher or Ron’s Code
      • FIPS – Federal Information Processing Standards

  19. REFERENCES
      • AES candidates. http://www.rsasecurity.com/rsalabs/node.asp?id=2236
      • AES III [April 13-14, 2000] Conference Link: http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/aes3conf.htm
      • The Effects of Multiple Algorithms in the Advanced Encryption Standard. http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/papers/06-iharvey.pdf
      • R.L. Rivest, M.J.B. Robshaw, R. Sidney, and Y.L. Yin. The RC6 Block Cipher. v1.1, August 20, 1998. Available from www.rsasecurity.com/rsalabs/aes/
      • AES and Future Resiliency: More Thoughts And Questions. By Don B. Johnson, djohnson@certicom.com, March 10, 2000.
      • CRIPTOR1.0. VLSI Implementation of the RC6 Block Cipher. Erica Mang, Computers Department, University of Oradea, 5 Armatei Romane Str., 3700, Oradea, Romania.

  20. QUERIES? THANKS TO ALL OF YOU FOR LISTENING SO ATTENTIVELY AND PATIENTLY
