290 likes | 557 Views
Encryption Schemes. Second Pass Brice Toth 21 November 2001. Introduction. Background Info Stream Ciphers Private-key Methods Public-key Methods Block Ciphers Types of Attacks. Constructions of Secure Encryption Schemes. Key ideas:
E N D
Encryption Schemes Second Pass Brice Toth 21 November 2001
Introduction • Background Info • Stream Ciphers • Private-key Methods • Public-key Methods • Block Ciphers • Types of Attacks
Constructions of Secure Encryption Schemes • Key ideas: • Using any pseudorandom function, one can construct secure private-key encryption schemes • Using any trapdoor one-way permutation, one can construct secure public-key encryption schemes • Secure schemes must employ a probabilistic (randomized) encryption algorithm so that one cannot distinguish two encryptions of the same message
Stream Ciphers • Typically there are less Stream Ciphers in use than Block Ciphers • Difficult to use correctly • Basis: • Pseudorandom Generators • Keys • States • XOR
Stream Ciphers • Basic Construction: • Key-generation/Initial State • Uniformly select R (random number) and generate key pair (r,r) and set initial state to t=0 • Encrypting Plaintext • Encrypt plaintext x with key r and state t such that l=|x| and p is the l-bit suffix of the encryption algorithm with input r and 1^(t+l) so that ciphertext is x Å p, and new state is t+l • Decrypting Ciphertext • Decrypt ciphertext y with key r and state t such that l=|y| and p is the l-bit suffix again so that the plaintext is yÅ p
Stream Ciphers • Why are they so hard to use? • Must never reuse a key • If key is reused, same stream of output generated • Must keep track of states • Must always depend on other things: • Some way to agree on keys • Authentication • Synchronization
Stream Ciphers • Some examples: • A5 • RC4 • SOBER • WAKE • SEAL • Panama
Private-key Methods • Basic Construction: • Block Cipher with length n for message x • Generate key by selecting seed s and applying function fs • Encryption algorithm selects a uniform string r and produces ciphertext (r,xÅfs(r)) • Decrypt ciphertext (r,y) using key s by computing yÅfs(r)
Public-key Methods • Basic Construction: • Key generation selects a random permutation p from a collection of trapdoor permutations, along with a trapdoor t(p serves as the public-key and t serves as the private-key) • When encrypting a bit b, the encryption algorithm randomly selects an element r in the domain of p and produces ciphertext (p(r),bÅr)
Public-key Methods • Decrypting occurs by taking ciphertext (y, s) and computing the inverse using t or sÅr(p-1(y)) • The security of the scheme follows from the one-way feature of the collection p
Block Ciphers • Basis: • Take blocks of input and encrypt entire block • Reusable keys • Different modes • Keep in mind potential problem areas: • Block padding • Initialization vectors • Codebook attacks, use the right modes
Block Ciphers • Modes of Operation: • Different characteristics • Error propagation • Resynchronization • Block resolution • Efficiency • Increase in data size • 4 Modes defined in Federal Information Processing Standards
Block Ciphers • Electronic Code Book – separately encrypt each block, patterns recognizable, “codebook” can be built up • Cipher Block Chaining – XOR plaintext with previous ciphertext block, then encrypt, use initialization vector for first block, makes identical inputs look different
Block Ciphers • Ciphertext Feedback – take previous ciphertext, encrypt, then XOR with plaintext • Output Feedback – encrypt previous output, then XOR with plaintext to get ciphertext, uses counters to determine where to take from output
Block Ciphers • Basic Construction: • Generate key pair • Encrypt plaintext • Break message into consecutive blocks of length l (possibly have to augment the last block with some padding) • Encrypt each block with encryption key r • Decrypt ciphertext • Decrypt each block with decryption key d and concatenate blocks less padding to get plaintext
Block Ciphers • The Basic Construction results in ciphertexts that reveal the exact length of the original plaintext • This is acceptable and completely hiding the length is futile • Encryption schemes that hide some information about the length of the plaintext can easily be constructed
Block Ciphers • Some examples: • DES • Blowfish • IDEA • SAFER • CAST • AES (Rijndael)
Block Ciphers - AES • Advanced Encryption Standard • National Institute of Standards and Technology search for standard replacement for DES • Requirements: • 128 bit blocksize • 128, 192, 256 bit keys • Finalists announced in August 1999
Block Ciphers - AES • Serpent • Rijndael • Twofish • Mars • RC6 • Winner: Rijndael
Block Ciphers - AES • Joan Daemen and Vincent Rijmen (Belgium) • Based on an algorithm called Square • Supports keys which are multiples of 32 bits and block sizes which are multiples of 64 bits • Number of rounds changes based on key size • Generally faster than the other candidates
Block Ciphers - AES • Key Schedule for Rijndael: • Expand cipher key (varies depending on key length, uses linear recurrence relations) • Round keys are taken from the expanded cipher key • Round keys are then rotated, passed through the S-box, and XOR’d with a round dependent constant (constants based on similar computation to S-box)
Block Ciphers - AES • Variable rounds: • 9 if both block and key are 128 bits • 11 if either block or key is 192 bits and neither are longer than that • 13 if either block or key is 256 bits • etc
Block Ciphers - AES • Using Rijndael: • Perform Add Round Key Step (XOR a subkey with the block) • Perform rounds: • Byte Sub (each byte of the block is replaced by its substitute from an S-box) • Shift Row • Bytes are arranged in a rectangle and shifted, ex. from to 1 5 9 13 1 5 9 13 2 6 10 14 6 10 14 2 3 7 11 15 11 15 3 7 4 8 12 16 16 4 8 12
Block Ciphers - AES • The S-box is: 99 124 119 123 242 107 111 197 48 1 103 43 254 215 171 118 202 130 201 125 250 89 71 240 173 212 162 175 156 164 114 192 183 253 147 38 54 63 247 204 52 165 229 241 113 216 49 21 4 199 35 195 24 150 5 154 7 18 128 226 235 39 178 117 9 131 44 26 27 110 90 160 82 59 214 179 41 227 47 132 83 209 0 237 32 252 177 91 106 203 190 57 74 76 88 207 208 239 170 251 67 77 51 133 69 249 2 127 80 60 159 168 81 163 64 143 146 157 56 245 188 182 218 33 16 255 243 210 205 12 19 236 95 151 68 23 196 167 126 61 100 93 25 115 96 129 79 220 34 42 144 136 70 238 184 20 222 94 11 219 224 50 58 10 73 6 36 92 194 211 172 98 145 149 228 121 231 200 55 109 141 213 78 169 108 86 244 234 101 122 174 8 186 120 37 46 28 166 180 198 232 221 116 31 75 189 139 138 112 62 181 102 72 3 246 14 97 53 87 185 134 193 29 158 225 248 152 17 105 217 142 148 155 30 135 233 206 85 40 223 140 161 137 13 191 230 66 104 65 153 45 15 176 84 187 22
Block Ciphers - AES • Mix Column • Matrix multiplication performed where each column is multiplied by: 2 3 1 1 1 2 3 1 1 1 2 3 3 1 1 2 • Add round key (XOR subkey for current round) • An extra final round is added where the mix column step is omitted
Types of Attacks • Passive Attacks • Adversary eavesdrops on the line and possibly gets the sender to encrypt a message of the adversary’s choice and/or gets the sender to decrypt a ciphertext of the adversary’s choice • Key-oblivious: choice of plaintext does not depend on the key • Key-dependent: choice of plaintext does depend on the key
Types of Attacks • Chosen Plaintext Attacks • Attacker obtains the encryption of any plaintext of its choice (under the key being attacked) • Chosen Ciphertext Attacks • Attacker obtains the decryption of any ciphertext of its choice (under the key being attacked)