
CS 475: Lecture 6: Symmetric Key Cryptography

This document provides a summary of a lecture on symmetric key cryptography: 1) Symmetric key cryptography uses the same key for encryption and decryption. It covers topics like the Vernam cipher, block ciphers like DES and AES, modes of operation like ECB and CBC, and cryptanalysis techniques like differential and linear cryptanalysis. 2) AES is now the standard replacing DES. It uses a 128-bit block size and supports 128, 192, or 256-bit keys. It provides strong security even against powerful adversaries. 3) Modes of operation like CBC are needed when encrypting messages longer than the block size to prevent patterns that weaken security.


CS 475 : Lecture 6

Symmetric Key Cryptography


Rachel Greenstadt
April 28, 2015
Reminders

• Project 1 due Thursday


• Midterm on Tuesday (in class review on Thursday)
Why study cryptography?

• Where does it impact computer and network security?
Cryptography
• Symmetric key cryptography (secret key crypto):
sender and receiver keys identical
• Asymmetric key cryptography (public key crypto):
encryption key public, decryption key secret (private)
Vernam Ciphers
• XOR cipher - encryption and decryption the same,
Block of data XOR key
• Vernam’s cipher used a message with a paper tape
loop that read off the key
• More modern versions use a pseudorandom
number generator (stream cipher)
• One-time pad - If key perfectly random AND only
used once, then perfect secrecy is assured
• Drawbacks?
Reusing one-time pads
$M_1 \oplus K_1 = E_1$

$M_2 \oplus K_1 = E_2$

$E_1 \oplus E_2 =$
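The key-reuse problem on this slide, worked through in Python as an added example (not from the lecture): with the same pad K1, E1 XOR E2 equals M1 XOR M2, so anyone who knows one message can read the other. The sample messages, `recover_other` and the `PadBook` allocator are constructed for illustration.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (Vernam encrypt == decrypt)."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def recover_other(e1: bytes, e2: bytes, known_m1: bytes) -> bytes:
    """With a reused pad, E1 xor E2 = M1 xor M2; a known M1 yields M2."""
    return xor(xor(e1, e2), known_m1)

class PadBook:
    """Hands out each pad byte at most once and refuses when exhausted."""
    def __init__(self, size: int):
        self._pad = secrets.token_bytes(size)   # key as long as all traffic
        self._used = 0

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise RuntimeError("pad exhausted: distribute new key material")
        chunk = self._pad[self._used:self._used + n]
        self._used += n                         # never rewind
        return chunk

# Constructed sample messages of equal length.
M1 = b"wire 100 to acct A"
M2 = b"meet at noon today"
K1 = secrets.token_bytes(len(M1))
E1, E2 = xor(M1, K1), xor(M2, K1)               # pad reused: the mistake

if __name__ == "__main__":
    print("E1 xor E2 == M1 xor M2:", xor(E1, E2) == xor(M1, M2))
    print("M2 recovered from known M1:", recover_other(E1, E2, M1))
```

The key K1 never appears in `recover_other`, which is why randomness of the pad does not help once it is used twice.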
Old School Cryptography
• Caesar cipher - shift cipher (each letter replaced by one a fixed length down)

• “Veni, vidi, vici” -> “Yhql, ylgl, ylfl”

• Monoalphabetic substitution : substitute one letter for another

• S-box - bit level substitution

• Transposition - Permute the order of the message
• P-box - bit level transposition
Cryptogram exercise

• Shift? Transposition? Substitution?:

• fqjcb rwjwj bnkhj whxcq nawjv nfxdu mbvnu ujbbf nnc
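One way to test the shift hypothesis for a cryptogram like this, as an added Python example that is not part of the lecture: try all 26 shifts and rank the candidates by how many common English letters they contain. The scoring set `COMMON` and the function names are assumptions chosen for illustration.

```python
COMMON = set("etaoinshr")  # assumed scoring set: frequent English letters

def caesar(text: str, shift: int) -> str:
    """Shift each letter `shift` places down the alphabet, keeping case."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)          # spaces and punctuation pass through
    return "".join(out)

def score(text: str) -> int:
    """Count letters that belong to the common-letter set."""
    return sum(ch in COMMON for ch in text.lower())

def best_shift(ciphertext: str):
    """Return (shift, plaintext) of the highest-scoring decryption."""
    candidates = [(k, caesar(ciphertext, -k)) for k in range(26)]
    return max(candidates, key=lambda kc: score(kc[1]))

# Ciphertext exactly as it appears on the slide.
CRYPTOGRAM = "fqjcb rwjwj bnkhj whxcq nawjv nfxdu mbvnu ujbbf nnc"

if __name__ == "__main__":
    shift, plain = best_shift(CRYPTOGRAM)
    print("best shift:", shift)
    print("candidate plaintext:", plain)
```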
Multiple Round Ciphers
• Multiple rounds of complex ciphers made
up of permutations, substitutions, xor, etc
• Examples DES, AES
• DES not so secure because key too short
• Hard to understand, little proof of security
(except that if anyone knows how to break
they’re not telling)
DES - Data Encryption Standard
• Encrypts by series of substitution and transpositions.
• Based on Feistel Structure
• Use P-Boxes, S-boxes, and XOR to create “confusion and diffusion”

• Iterative structure easy to implement in hardware

• Other Feistel-based algorithms: Blowfish, Camellia, CAST-128, DES, FEAL, ICE, KASUMI, LOKI97, Lucifer, MARS, MAGENTA, MISTY1, RC5, TEA, Triple DES, Twofish, XTEA, GOST_28147-89
• Worldwide standard for more than 20 years.
• Has a history of controversy.
• Designed by IBM (Lucifer) with later help (interference?) from NSA.
• No longer considered secure for highly sensitive applications.
• Replacement standard AES (advanced encryption standard) recently
completed.
Data Encryption Standard (DES)
Only 56 bits used by algorithm, rest for parity
One Round of DES
DES Function
S-boxes: S1
[Table: S-box S1, columns indexed 0 to 1111 in binary; entries not recovered]

Is the table entry from

S(011001) = 6 = 0110
Cryptanalysis
• Differential cryptanalysis
• chosen plaintext attack (obtain ciphertexts for sets of plain texts of attacker’s choice) $2^{47}$ plaintext for 16 round DES

• Use similar sets of plaintexts to trace through the permutations and look for nonrandom patterns in the ciphertexts

• Linear cryptanalysis
• known plaintext attack - attacker has samples of plaintext/ciphertext pairs, $2^{43}$ pairs needed for DES

• Construct linear equations relating keys, plaintext, and ciphertext


DES Security
• DES not too susceptible to differential or linear
cryptanalysis

• BUT, 56-bit key is just too short


• EFF’s Deep Crack breaks in 56 hours (1998) for
$250,000

• distributed.net and Deep Crack 22 hours (1999)


• COPACOBANA FPGA machine $10,000, 6.4 days
per key
Double DES (Multiple Encryption)
• Encrypt twice with two keys

[Figure: P → E (K1) → E (K2) → C]
MEET-IN-THE-MIDDLE ATTACK
• Known plaintext attack (i.e. have crib P1 & C1)
• For all K1 encrypt P1: list all results in Table T
• For each K2 decrypt C1 -> X. If X in T, check K1 & K2 with new crib (P2, C2). If okay then keys found.
• Reduces $2^{112}$ to $2^{56}$ for Double DES, but T is huge!
[Figure: P1 → E → X ← D ← C1, find X in T]
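The table-lookup procedure above, run end to end as an added Python example (not from the lecture), showing why a second key adds far less than a doubled key length. The 16-bit toy cipher with 12-bit keys, its constants and all function names are constructed for illustration and are not DES; the small sizes let the two 2^12 passes finish instantly.

```python
# Toy 16-bit block cipher with 12-bit keys: constructed for this demo, NOT DES.
MASK, KEYBITS = 0xFFFF, 12
MUL = 0x6D2B                       # odd, so multiplication mod 2^16 is invertible
INV = pow(MUL, -1, 1 << 16)

def _round_keys(k):
    return [((k << 3 * r) | (k >> (16 - 3 * r))) & MASK for r in range(4)]

def enc(k, x):
    for rk in _round_keys(k):
        x = ((x ^ rk) * MUL) & MASK
        x = ((x << 5) | (x >> 11)) & MASK      # rotate left 5
    return x

def dec(k, y):
    for rk in reversed(_round_keys(k)):
        y = ((y >> 5) | (y << 11)) & MASK      # rotate right 5
        y = ((y * INV) & MASK) ^ rk
    return y

def double_enc(k1, k2, p):
    return enc(k2, enc(k1, p))

def meet_in_the_middle(crib1, crib2):
    """Return (verified key pairs, raw table matches before the second crib)."""
    (p1, c1), (p2, c2) = crib1, crib2
    table = {}                                  # T: middle value X -> list of K1
    for k1 in range(1 << KEYBITS):
        table.setdefault(enc(k1, p1), []).append(k1)
    found, matches = [], 0
    for k2 in range(1 << KEYBITS):
        for k1 in table.get(dec(k2, c1), []):   # X in T?
            matches += 1
            if double_enc(k1, k2, p2) == c2:    # confirm with new crib
                found.append((k1, k2))
    return found, matches

if __name__ == "__main__":
    K1, K2 = 0xA5C, 0x3E1                       # constructed secret keys
    cribs = [(p, double_enc(K1, K2, p)) for p in (0x1234, 0xBEEF)]
    found, matches = meet_in_the_middle(*cribs)
    print(f"{matches} table matches, {len(found)} pair(s) pass the second crib")
    print("true pair recovered:", (K1, K2) in found)
```

The search costs about 2 × 2^12 cipher operations plus the table, against 2^24 for trying every key pair, which mirrors the 2^56 versus 2^112 figures on the slide.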
Triple DES
TRIPLE DES WITH 2 KEYS (EDE2)
• 3 keys considered unnecessary
• Cost of 2 key attack is thus $2^{112}$
• 2nd Stage is decryption because if K2=K1 we gain backward compatibility with Single DES
• Available in PEM (Privacy Enhanced Mail), PGP, and others.
[Figure: P → E (K1) → D (K2) → E (K1) → C]
TRIPLE DES WITH 3 KEYS (EDE3)
• Preferred by some
[Figure: P → E (K1) → D (K2) → E (K3) → C]
Data Lifetime and Security
• List three types of data whose lifetime
(amount of time for which confidentiality
protection is needed) is approximately one
day. List three whose lifetime is closer to
one year. List three whose lifetime is closer
to one century.
Advanced Encryption Standard (AES)
• 1997 NIST solicited proposals for a new Advanced Encryption Standard
(AES) to replace DES.

• 5 algorithms shortlisted: Rijndael won (by Joan Rijmen and Vincent Daemen
from Belgium), AES has only minor changes

• NIST estimated that a machine that could break a 56-bit DES key in 1
second would take 149 trillion years to crack a 128-bit AES key

• NSA approved for classified data


AES overview
Byte - $b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0$
• Bytes represent finite field elements in $GF(2^8)$, GF means “Galois Field”

• Correspond to an 8-term polynomial, with 0 or 1 coefficients.

$b_7 x^7 + b_6 x^6 + b_5 x^5 + b_4 x^4 + b_3 x^3 + b_2 x^2 + b_1 x + b_0$

Example:

$x^6 + x^5 + x^3 + x^2 + 1$ polynomial

{0110 1101} binary

6D hex
State - the 128-bit input
• State is a 4 by 4 array of bytes, initialized (col-by-col) with the 16-byte plaintext block (see below)

• Final value of state is returned as ciphertext

State 0 1 2 3
0 in[0] in[4] in[8] in[12]
1 in[1] in[5] in[9] in[13]
2 in[2] in[6] in[10] in[14]
3 in[3] in[7] in[11] in[15]

• Bytes of State correspond to finite field elements in $GF(2^8)$

• Columns of State correspond to WORDS, i.e. 4-term polynomials with finite field elements in $GF(2^8)$, as coefficients.
Encrypt Block (Cipher) // simplified
encrypt (plaintext, roundkey)
    state = plaintext // note plaintext is 1-dim., state 2-dim.
    state = AddRoundKey (state, roundkey[0])
    for round = 1 to ROUNDS
        state = SubBytes (state)
        state = ShiftRows (state)
        if round < ROUNDS then state = MixColumns (state)
        state = AddRoundKey (state, roundkey[round])
    end
    return state // convert to 1-dim. and return as ciphertext
SubBytes Transformation

Change each byte of state with corresponding byte from SBOX matrix: SBOX [X,Y] = AffineTransformation($\{XY\}^{-1}$)
Affine Transformation does a matrix multiplication followed by vector addition
Shift Rows

In the ShiftRows step, bytes in each row of the state are shifted cyclically to the left. The number of places each byte is shifted differs for each row.
Mix Columns

In the MixColumns step, each column of the state is multiplied with a fixed polynomial c(x).
Add Round Key

In the AddRoundKey step, each byte of the state is combined with a byte of the round subkey using the XOR operation (⊕).
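The field arithmetic behind SubBytes, MixColumns and AddRoundKey, as an added Python example that is not part of the lecture. The reduction polynomial 0x11B, the affine constant 0x63 and the MixColumns coefficients {02, 03, 01, 01} are taken from FIPS 197 rather than from these slides; the function names are illustrative.

```python
def gmul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements modulo x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a              # addition in GF(2^8) is XOR
        a <<= 1
        if a & 0x100:
            a ^= 0x11B          # reduce by the AES polynomial (FIPS 197)
        b >>= 1
    return p

def ginv(a: int) -> int:
    """Multiplicative inverse as a^254; 0 maps to 0 by AES convention."""
    r = 1
    for _ in range(254):
        r = gmul(r, a)
    return r

def rotl8(x: int, s: int) -> int:
    """Rotate an 8-bit value left by s bits."""
    return ((x << s) | (x >> (8 - s))) & 0xFF

def sbox(a: int) -> int:
    """SBOX entry: affine transformation of the field inverse of the byte."""
    x = ginv(a)
    return x ^ rotl8(x, 1) ^ rotl8(x, 2) ^ rotl8(x, 3) ^ rotl8(x, 4) ^ 0x63

def mix_column(col):
    """Multiply one state column by c(x) = {03}x^3 + {01}x^2 + {01}x + {02}."""
    return [gmul(2, col[i]) ^ gmul(3, col[(i + 1) % 4])
            ^ col[(i + 2) % 4] ^ col[(i + 3) % 4] for i in range(4)]

def add_round_key(state: bytes, round_key: bytes) -> bytes:
    """XOR each state byte with the matching round-key byte."""
    return bytes(s ^ k for s, k in zip(state, round_key))

if __name__ == "__main__":
    print(hex(sbox(0x53)))                                       # S-box entry for {53}
    print([hex(b) for b in mix_column([0xDB, 0x13, 0x53, 0x45])])
```

Computing the S-box this way is for study only; table lookups and data-dependent loops like these are what cache-timing attacks on software AES target.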
DecryptBlock
decrypt (ciphertext, roundkey)
    state = ciphertext // note cipher is 1-dim., state 2-dim.
    state = AddRoundKey (state, roundkey[ROUNDS])
    for round = ROUNDS-1 to 0
        state = InvShiftRows (state) // ShiftRows inverse mode
        state = InvSubBytes (state) // SubBytes inverse mode
        state = AddRoundKey (state, roundkey[round])
        if round > 0 then state = InvMixColumns (state)
    end
    return state // convert to 1D and return as plaintext
Security of AES
• Most successful attacks are side-channel attacks
• Side-channel attacks use weaknesses in the physical implementation of the
system, not the algorithm or brute-force keycracking

• D.J. Bernstein showed that delays in encryption time due to cache misses can be used to infer the key, demonstrated against a custom remote server using OpenSSL’s AES implementation. Osvik et al. showed that local attacks could infer the key in 65 milliseconds

• Theoretical “XSL attack” in 2002 suggests some problems with the mathematics, no practical demonstration
What if your message is longer than the block?
Electronic CodeBook (ECB)
Problems with ECB
Cipher Block Chain

Other modes of operation
• Propagating cipher-block chaining (PCBC) - propagate small changes in ciphertext

• Cipher feedback (CFB) - self-synchronizing stream cipher

• Output feedback mode (OFB) - synchronous stream cipher, errors don’t propagate, but easier to attack

• Examples about which to use?


Problems with Symmetric Key Crypto
• Scalability - separate communication between N people requires N(N-1)/2 keys

• Key management
• Key distribution
• Key storage and backup
• Key disposal
• Key change
