Lecture 2 Secret Key Cryptography
Lecture 2 Secret Key Cryptography
Cryptography
Modern Ciphers
Block ciphers vs. Stream Ciphers
Block ciphers operate on a block of data
entire block must be available before processing
Modern Ciphers
Stream ciphers
process messages one
bit or byte at a time
when en/decrypting
need not wait the
entire block
Caution: There
is an error in
the book
E-D-E sequence
use of decryption at the second stage does not reduce/increase the
security
Why decryption in the middle stage?
Triple-DES with three keys
For those who feel some concern about the attacks on two-key 3-DES
E-D-E sequence
C = EK3[DK2[EK1[P]]]
has been adopted by some Internet applications, eg PGP, S/MIME
Blowfish
Developed by Bruce Schneier
author of the book Applied Cryptography
64-bit of block size
Key size is variable
one to fourteen 32-bit blocks
32 to 448 bits
provides a good trade-off between security and performance
Output
FeedBack
(OFB)
IV
Counter (CTR)
similar to OFB but encrypts counter value
rather than any feedback value
For the same key, the counter value should
not repeat
same problem as in OFB
efficient
can do parallel encryptions
Cryptographic part of the process (encryption
blocks) is performed in advance of need
good for bursty high speed links
Counter
(CTR)
Random Numbers
Many uses of random numbers in cryptography
nonces in authentication protocols to prevent replay
session keys
public key generation
keystream for stream ciphers
Characteristics of random numbers
Statistical randomness
Uniform distribution of zeros and ones
İndependence of the bits in the sequence
Unpredictability of future values from previous values
True random numbers provide these but very hard
to obtain and use in practice
Pseudorandom Number
Generators (PRNGs)
often use deterministic algorithmic techniques to create
“random numbers”
although are not truly random
can pass many tests of “randomness”
known as “pseudorandom numbers”
created by “Pseudorandom Number
Generators (PRNGs)”
Pseudorandom Number Generators and
Psuedorandom Functions
keystream keystream
Some Stream Cipher Design
Considerations
A PRNG should eventually repeat
long period makes cryptanalysis difficult
statistically randomness
e.g. approx. equal number of 0’s and 1’s
large enough key (128-bit would be good to guard against brute-force
attacks)
Stream Ciphers
randomness of keystream destroys any
statistical properties in the message
as in Vernam cipher and one-time pads
Better than block ciphers in terms of
code space (implementations are simple)
throughput (faster per bit en/decryption)
but must never use the same keystream more
than once
otherwise the cryptanalyst can XOR two ciphertext
streams and find out XOR of two plaintext streams
not so difficult to crack
Stream Ciphers
are useful if data are transferred as a stream
web browser
voice
video
actually any block cipher can be used as a stream cipher
CFB mode of operation (and OFB and CTR )
RC4
Ron’s Code 4
Yet another cipher designed by Ron Rivest
owned by RSA Inc.
was kept as a trade secret, but in 1994 anonymously posted on the
Internet
variable key size, byte-oriented stream cipher
simple but effective
8 to 16 machine operations per output byte
widely used (SSL/TLS, WEP/WPA)
Some attacks reported, but not practical for key size greater
than 128-bit
However, WEP has a problem due to RC4 key generation
not a problem of RC4 in particular
and other symmetric ciphers
CAST
Skipjack
Serpent
Twofish
RC6
Mars
SAFER+