360 likes | 505 Views
Lecture 4 Overview. Data Encryption Standard. Combination of substitution and transposition Repeated for 16 cycles Provides confusion and diffusion Product cipher Two weak but complementary ciphers can be made more secure by being applied together. Types of Permutations.
E N D
Data Encryption Standard • Combination of substitution and transposition • Repeated for 16 cycles • Provides confusion and diffusion • Product cipher • Two weak but complementary ciphers can be made more secure by being applied together CS 450/650 – Lecture 4: DES
Types of Permutations Pattern of Expansion Permutation CS 450/650 Fundamentals of Integrated Computer Security
A High Level Description of DES Input - P IP 16 Cycles Key Inverse IP Output - C CS 450/650 – Lecture 4: DES
A Cycle in DES Left half Right half Key shifted And Permuted f New L-half New R-half CS 450/650 – Lecture 4: DES
Key Summary K 64 bits PC-1 K+ 56 bits C0 28 bits D0 28 bits Shift C1 28 bits C2 28 bits C16 28 bits D1 28 bits D2 28 bits D16 28 bits PC-2 K1 48 bits K2 48 bits K16 48 bits CS 450/650 – Lecture 4: DES
f E E(Rn-1) 48 bits Kn 48 bits E(Rn-1)+Kn 48 bits S Boxes 32 bits P CS 450/650 – Lecture 4: DES
The Calculation of the function f 1- Expand Rn-1 E(Rn-1 ) 2- XOR Kn + E(Rn-1) = B1B2B3B4B5B6B7B8 3- Substitution S-Boxes S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) 4- P permutation f = P(S1(B1)S2(B2)...S8(B8)) CS 450/650 – Lecture 4: DES
Cycle 1 M 64 bits I-P IP 64 bits L0 32 bits R0 32 bits f K1 48 bits L1 32 bits R1 32 bits CS 450/650 – Lecture 4: DES
Cycle 16 L15 32 bits R15 32 bits f K16 48 bits L16 32 bits R16 32 bits R16 32 bits L16 32 bits IP-1 C 64 bits CS 450/650 – Lecture 4: DES
DES CS 450/650 – Lecture 4: DES
Design of the Algorithm • key elements of the algorithm design were "sensitive" and would not be made public • the rationale behind transformations by the S-boxes, the P-boxes, and the key changes • trapdoors? • Congressional inquiry • design flaw would be discovered by a cryptanalyst • to date, no serious flaws have been published CS 450/650 – Lecture 4: DES
Does DES Work? • Differential Cryptanalysis Idea • Use two plaintext that barely differ • Study the difference in the corresponding cipher text • Collect the keys that could accomplish the change • Repeat • Diffie and Hellman then outlined a "brute force" attack on DES • try as many of the 256 possible keys CS 450/650 – Lecture 4: DES
Triple DES • Triple-DES is just DES with two 56-bit keys applied. • Given a plaintext message, the first key is used to DES- encrypt the message. • The second key is used to DES-decrypt the encrypted message. • Since the second key is not the right key, this decryption just scrambles the data further. • The twice-scrambled message is then encrypted again with the first key to yield the final ciphertext. • This three-step procedure is called triple-DES. CS 450/650 – Lecture 4: DES
Lecture 6 Advanced Encryption Standard (AES) CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini
The Birth of AES • By mid 1990s, virtually all cryptologists agreed that DES needed to be replaced • NIST abandoned the official endorsement of DES in 1997 and began work on a replacement • to be called the Advanced Encryption Standard • Despite concerns about its vulnerability • DES is still widely used by worldwide to protect sensitive on-line applications CS 450/650 Lecture 6: AES
The minimum requirements • A symmetric-key cryptosystem • A block cipher • Capable of supporting a block size of 128 bits • Capable of supporting key length of 128, 192, and 256 bits • Available on a worldwide, non-exclusive, royalty-free basis CS 450/650 Lecture 6: AES
Criteria for Evaluation • Security • Soundness of the mathematical basis for an algorithm’s claimed strength • Research community search for flaws • Computational Efficiency • Memory Requirements • Flexibility • Simplicity CS 450/650 Lecture 6: AES
Advanced Encryption Standard • NIST chose 15 algorithms for evaluation in the first round • 9 of them were descendants of DES • 5 made it to the second round • Rijndael (Rine dahl) • by Vincent Rijmen & Joam Daemen • selected based on efficiency and implementation • In 2001, it was formally adopted by US CS 450/650 Lecture 6: AES
AES (cont) • 10, 12, 14 rounds for 128, 192, 256 bit keys • Regular Rounds (9, 11, 13) • Final Round is different (10th, 12th, 14th) • Each regular round consists of 4 steps • Byte substitution (BSB) • Shift row (SR) • Mix column (MC) • Add Round key (ARK) CS 450/650 Lecture 6: AES
AES Overview Plaintext (128) ARK Subkey0 9 rounds BSB SR Ciphertext (128) ARK Subkey10 CS 450/650 Lecture 6: AES
Round i operations 128-bit substitution boxes confusion transposition step of circular shift confusion Left shift and XOR of bits diffusion and confusion portion of key is XORed confusion Subkeyi CS 450/650 Lecture 6: AES
128-bit block 4 x 4 matrix 128 bits 16 bytes b0, b1, b2, .., b15 State S0,0 S0,1 CS 450/650 Lecture 6: AES
128-bit key 4 x 4 matrix 128 bits 16 bytes k0, k1, k2, .., k15 Key CS 450/650 Lecture 6: AES
Four Operations • Byte Substitution • predefined substitution table s[i,j] s’[i,j] • Shift Row • left circular shift • Mix Columns • 4 elements in each column are multiplied by a polynomial • Add Round Key • Key is derived and added to each column CS 450/650 Lecture 6: AES
Substitution table CS 450/650 Lecture 6: AES
Exercise • Using the table, find the substitution of 6b, ff, 6e, 09 7f, 16, 9f, 01 CS 450/650 Lecture 6: AES
Shift Row (128-bit) CS 450/650 Lecture 6: AES
Byte as a Polynomial • One byte 8 bits B7, B6, B5, B4, B3, B2, B1, B0 B7x7 + B6 x6 + B5 x5 + B4 x4 + B3 x3 + B2 x2 + B1 x1 + B0 • Example: • E5 (hex) = 1110 0101 (binary) = x7 + x6 + x5 + x2 + 1 (poly) CS 450/650 Lecture 6: AES
Mix Column = * Multiplying by 1 no change Multiplying by 2 shift left one bit Multiplying by 3 shift left one bit and XOR with original value More than 8 bits 100011011 is subtracted CS 450/650 Lecture 6: AES
Exercise 6e 2c = * c6 95 CS 450/650 Lecture 6: AES
Add Key = b’x bx kx XOR CS 450/650 Lecture 6: AES
Example k = 1f 34 0c da 5a 29 bb 71 6e a3 90 f1 47 d6 8b 12 B = e5 a8 6f 33 0a 52 31 9c c2 75 f8 1e b0 46 de 3a B’ = fa 9c 63 9e 50 7b 8a ed ac d6 68 ef f7 90 55 28 CS 450/650 Lecture 6: AES
4 bytes 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes 4 bytes Key Generation Circular left shift 1byte S-box XOR Round constant XOR CS 450/650 Lecture 6: AES
Round Constant Table CS 450/650 Lecture 6: AES
DES vs AES CS 450/650 Lecture 6: AES