L3 SymmetricCipher
No. Topic
1 Security principles and practices
2 Classic Ciphers
3 Symmetric Ciphers
4 Asymmetric Ciphers & Public key cryptosystems
5 Communication security across different layers
CRYPTOGRAPHIC SYSTEMS
• Characterized along 3 independent dimensions:
• A block of plaintext is treated as a whole and used to produce a ciphertext block of equal length
• Typically a block size of 64 or 128 bits is used
• In practice: [64 to 256] k-bits input & output, ≥ 8 S-box iterations (rounds), ≥ 10 stages
Components of a modern block cipher
31.10
PRODUCT CIPHERS BASIS: DIFFUSION AND CONFUSION
• Terms introduced by Claude Shannon in 1949 to capture the two basic
principles for any cryptographic system
• Objective: thwart cryptanalysis based on statistical analysis
Diffusion
• The statistical structure of the plaintext is dissipated into long-range statistics of
the ciphertext
• This is achieved by having each plaintext digit affect the value of many
ciphertext digits e.g. averaging operation
Confusion
• Seeks to make the relationship between the statistics of the ciphertext and the
value of the encryption key as complex as possible
• Even if the attacker can get some handle on the statistics of the ciphertext, the
way in which the key was used to produce that ciphertext is so complex as to
make it difficult to deduce the key
FEISTEL CIPHER
• Proposed the use of a cipher that alternates
substitutions and permutations
• Substitutions: each plaintext element or group of elements is uniquely replaced by a corresponding ciphertext element or group of elements
Ease of analysis
to cryptanalytic
vulnerabilities
FEISTEL CIPHER DECRYPTION
• Use ciphertext as input & the subkeys Ki
in reverse order, such that the output of
the ith encryption round corresponds to
output of the (16–i)th decryption round
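The round correspondence described above, as an added example that is not part of the original slides. It is a toy 16-round Feistel network on a 64-bit block; the SHA-256-based round function and key schedule are assumptions chosen to show that F itself need not be invertible, and all function names are hypothetical.

```python
import hashlib

ROUNDS = 16
HALF_BITS = 32
MASK = (1 << HALF_BITS) - 1

def round_function(half: int, subkey: bytes) -> int:
    """Toy F (assumption): truncated SHA-256, deliberately not invertible."""
    digest = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def derive_subkeys(key: bytes) -> list[bytes]:
    """Toy key schedule (assumption): one 48-bit subkey K1..K16 per round."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, ROUNDS + 1)]

def feistel_trace(block: int, subkeys: list[bytes]) -> list[tuple[int, int]]:
    """Return the (left, right) halves before round 1 and after every round."""
    left, right = block >> HALF_BITS, block & MASK
    states = [(left, right)]
    for subkey in subkeys:
        # L_i = R_(i-1);  R_i = L_(i-1) XOR F(R_(i-1), K_i)
        left, right = right, left ^ round_function(right, subkey)
        states.append((left, right))
    return states

def feistel(block: int, subkeys: list[bytes]) -> int:
    """Run all rounds, then swap halves so the same routine also decrypts."""
    left, right = feistel_trace(block, subkeys)[-1]
    return (right << HALF_BITS) | left

def encrypt(block: int, key: bytes) -> int:
    return feistel(block, derive_subkeys(key))

def decrypt(block: int, key: bytes) -> int:
    # Same network, subkeys applied in reverse order (K16 ... K1).
    return feistel(block, derive_subkeys(key)[::-1])
```

Comparing `feistel_trace` for encryption and for decryption shows that the state after decryption round 16-i is the state after encryption round i with its halves swapped.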
• In 1999, NIST issued a new version (FIPS PUB 46-3): DES should be used only
for legacy systems and triple DES otherwise.
DES OPERATION
• Splitting
• Expansion Permutation (E)
• Round Key Addition (XOR)
• Substitution (S-box)
• Permutation (P)
DES: 8 S-boxes
• Input: 6 bits
(6 x 8 = 48)
• Output: 4 bits
(4 x 8 = 32)
EXAMPLE 2:
DES
26!
BLOCK CIPHER DESIGN PRINCIPLES: NUMBER OF ROUNDS
• The greater the number of rounds, the more difficult it is to perform cryptanalysis
• In general, the criterion should be that the number of rounds is chosen so that known cryptanalytic efforts require greater effort than a simple brute-force key search attack
• If DES had 15 or fewer rounds, differential cryptanalysis would require less effort than a brute-force key search
BLOCK CIPHER DESIGN PRINCIPLES: DESIGN OF FUNCTION F
• The heart of a Feistel block cipher is the function F
• The more nonlinear F, the more difficult any type of cryptanalysis will be
• The SAC and BIC criteria appear to strengthen the effectiveness of the confusion function
• The algorithm should have good avalanche properties
Strict avalanche criterion (SAC)
• States that any output bit j of an S-box should change with probability 1/2 when any single input bit i is inverted for all i, j
Bit independence criterion (BIC)
• States that output bits j and k should change independently when any single input bit i is inverted for all i, j, and k
BLOCK CIPHER DESIGN PRINCIPLES: KEY SCHEDULE ALGORITHM
• With any Feistel block cipher, the key is used to generate one subkey
for each round
• In general, we would like to select subkeys to maximize the difficulty of
deducing individual subkeys and the difficulty of working back to the
main key
• It is suggested that, at a minimum, the key schedule should guarantee
key/ciphertext Strict Avalanche Criterion (SAC) and Bit Independence
Criterion (BIC)
DOUBLE DES
MEET-IN-THE-MIDDLE ATTACK
• Backward compatibility with DES is provided by putting: K3 = K2 or K1 = K2
• Each block and key size combination has a different number of rounds
• Most common: AES-128 (4x4 = 16-byte key): 10 rounds
AES ENCRYPTION PROCESS
• Round 0: Initial single transformation
(AddRoundKey)
The key that is provided as input is expanded into an array of (R+1) 32-bit words, w[i], to cater for the initial AddRoundKey stage
AES: KEY EXPANSION
• e.g. 10-round AES: takes as input a 4-word (16-byte) key and produces a linear array of 44 words (176 bytes)
AES ENCRYPTION & DECRYPTION
• Alternating operations of XOR
encryption (AddRoundKey) of a
block, followed by scrambling of
the block (the other 3 stages),
followed by XOR encryption, and
so on
• Only the AddRoundKey stage
makes use of the 4-byte expanded
key.
• Each stage is easily reversible
AES ENCRYPTION & DECRYPTION
• Two separate software/firmware modules are needed for applications that require both encryption and decryption (costly).
• Solution: interchange InverseShiftRows & InverseSubBytes + interchange AddRoundKey & InverseMixColumns; a change in key schedule is needed.
4 encryption/decryption stages:
• Substitute bytes – uses an S-box to perform a byte-by-byte substitution of the block
• ShiftRows – a simple permutation
• MixColumns – a substitution that makes use of arithmetic over GF(2^8)
• AddRoundKey – a simple bitwise XOR of the current block with a portion of the expanded key
AES: S-Box (encryption)
(a) S-box
AES: IS-Box (decryption)
(b) Inverse S-box
AES BYTE LEVEL OPERATIONS
AES: SHIFT ROW TRANSFORMATION
AES: MIX COLUMN TRANSFORMATION
AES: MIXCOLUMN TRANSFORMATION RULE
AES EXAMPLE: KEY EXPANSION
BLOCK CIPHER MODES OF OPERATION
• Hardware efficiency
• Software efficiency
• Pre-processing
• Random access
• Provable security
• Simplicity