1 / 21

“Implementation of a RC5 block cipher algorithm and implementing an attack on it”

Cryptography Team Presentation 1. Agarwal, Kshitij Rao , Prashant. “Implementation of a RC5 block cipher algorithm and implementing an attack on it”. Project Mentor – Prof. Alan Kaminsky. Fast symmetric block cipher Same key for encryption and decryption

ramona-hopkins
Download Presentation

“Implementation of a RC5 block cipher algorithm and implementing an attack on it”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography Team Presentation 1 Agarwal, Kshitij Rao, Prashant “Implementation of a RC5 block cipher algorithm and implementing an attack on it” Project Mentor – Prof. Alan Kaminsky

  2. Fast symmetric block cipher • Same key for encryption and decryption • Plaintext and ciphertext are fixed-length bit sequences (blocks) About RC5

  3. RC5 – w/r/b • E.g. RC5 – 32/16/10 • w = 32 bits • r = 16 rounds • b = 10-byte (80-bit) secret key variable • t = 2 (r + 1) = 2 (16 + 1) = 34 rounds Parameters of RC5

  4. “w”(bits) – variable word size • Allowable choice for “w” in RC5– 16,32 and 64 • Suggested 32 • “Two” word input (plaintext) block size – 64-bit plaintext • “Two” word output (ciphertext) block size – 64-bit ciphertext • Design accepts all w > 0 • Variable word size can exploit longer word length of processors like 64 – bit processors. Important parameters in details

  5. “r” – variable number of rounds • Tradeoff between high speed and high security. • Allowed values 0-255 • Suggested – 12 • Higher the number of rounds provides increased level of security. • “S” – Expanded key table – derived from user’s secret key. • “t” – The size of table “S” (depends on “r”) • t = 2 ( r + 1 ) words. Important parameters in details

  6. “b” – variable length secret cryptographic key • The number of bytes in the secret key K. • 16 bytes suggested with allowed values from 0 – 255 • “K” – The b-byte secret key : K[0], K[1], ..., K[b-1]. Important parameters in details

  7. RC5 cannot be secure for all possible values • r = 0 • No rounds of security will provide no encryption • r = 1 • One round will provide very less security • As a matter of fact, it can be easily broken • b = 0 • No key, no security • Maximum allowable parameter values will be overkill. • Nominal Choice Proposed • RC5 – 32/12/16 Discussion on parameters

  8. Three Primitive operations(and their inverses) • Two’s complement addition of words, modulo 2w • ‘+’ • Inverse op , subtraction, ‘-’ • Bit-wise exclusive OR of words, denoted by ⊕ • A left-rotation of words • x <<< y , cyclic rotation of word x left by y bits • One word of the intermediate results is cyclically rotated by an amount determined bits of another intermediate results. • The inverse operation is right-rotation, x>>>y Notation and RC5 Primitive Ops

  9. We see that rotations are ‘rotations by variable amount’ that is plaintext dependent • We know that on modern microprocessors, a variable rotation takes constant-time • Time is independent of the rotation amount y • No other non-linear operations in RC5 • Strength,therefore, relies on data-dependent rotations Note

  10. Three parts:- • Key Expansion • Encryption Algorithm • Decryption Algorithm RC5 Algorithm

  11. Requirements of key expansion • Filling the expanded key table array S[0…t – 1] with random binary words • “t” – Size of table “S” => 2 ( r+1 ) • S table is not an “S-box” like DES. • Entries in S sequentially, one at a time. • Random binary words are derived from the K. RC5 Algorithm – Key Expansion

  12. Starting with two magic constants • Two word-sized binary constants • Pw = Odd((e - 2) 2w ) • Qw = Odd((φ – 1) 2w ) • e = 2.718281828459… (base of natural logarithms) • Φ = 1.618033988749… (golden ratio), • Where, Odd(x) is the odd integer nearest to x • For w = 16 and 32 in hexadecimal form • P16 = b7e1 • Q16 = 9e37 • P32 = b7e15163 • Q32 = 9e3779b9 RC5 Algorithm – Key Expansion

  13. Converting the Secret Key from Bytes to Words • c = ceiling(b/u) words • Pseudo code for conversion:- RC5 Algorithm – Key Expansion Image Source: http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf

  14. Initializing the S Array • Initialization to a particular fixed(key- independent) RC5 Algorithm – Key Expansion Image Source: http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf

  15. Mixing in the Secret Key • Pseudo code:- RC5 Algorithm – Key Expansion Image Source: http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf

  16. Encryption Algorithm • Two w-bit words are denoted as A and B A = A + S[0]; B = B + S[1]; for i = 1 to r do A = (( A ⊕ B ) <<< B ) + S[ 2 * i ]; B = (( B ⊕ A) <<< A ) + S[ 2 * i + 1]; The output is in the registers A and B. Work is done on both A and B, unlike DES where only half input is updated. RC5 Algorithm Image Source: http://en.wikipedia.org/wiki/File:RC5_InfoBox_Diagram.svg

  17. Decryption Algorithm • (easily derived from encryption) • Two w-bit words are denoted as A and B for i = r downto 1 do B = (( B – S[ 2 * i + 1 ]) >>> A) ⊕ A; A = (( A – S[ 2 * i ] >>> B) ⊕ B; B = B - S[1]; A = A - S[0]; The output is in the registers A and B. RC5 Algorithm

  18. Data dependent rotations – amount of rotation is not pre-determined. • The behavior of each round is different as the rotation amount is different. • Each round ends by adding expanded key from S • It was experimentally[1] determined that after eight rounds in RC5-32, each message bit affected some rotation amount. Important Notes [1]: Rivest, R. L. (1994). "The RC5 Encryption Algorithm" (pdf). Proceedings of the Second International Workshop on Fast Software Encryption (FSE) 1994e. pp. 86–96.

  19. Differential Attack will be performed. • Difficult because bits are rotated to “random” positions in each round. • Analysis of the requirements of the attack. • Analysis of the results of the attack. Next Presentation

  20. Rivest, R. L. (1994). "The RC5 Encryption Algorithm" (pdf). Proceedings of the Second International Workshop on Fast Software Encryption (FSE) 1994e. pp. 86–96. http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf • RC5 Encryption Diagram • http://en.wikipedia.org/wiki/File:RC5_InfoBox_Diagram.svg • http://en.wikipedia.org/wiki/RC5 References

  21. THANK YOU Questions, if any.

More Related