Introduction to Symmetric Ciphers

SYMMETRIC CRYPTOGRAPHY: THE BASICS
SYMMETRIC CRYPTOGRAPHY
Symmetric key cryptography literally means that the same
key is used to encrypt the message and to decrypt it. So
the keys are ‘symmetric’. It is important to keep in mind that
symmetric algorithms are always faster than asymmetric,
but do have the issue of how to exchange the keys.
BLOCK CIPHER V STREAM CIPHER
There are two types of symmetric algorithms. They
are block ciphers and stream ciphers. A block cipher
literally encrypts the data in blocks. 64 bit blocks
are quite common, although some algorithms (like
AES) use larger blocks. For example AES uses a 128
bit block. Stream ciphers encrypt the data as a
stream, one bit at a time.
SUBSTITUTION & TRANSPOSITION
Substitution is changing some part of the plain text for
some matching part of cipher text. The Caesar and
Atbash ciphers are simple substitution ciphers. The
Vigenère cipher is a bit more complex, but is still a
substitution cipher. In fact all of these examples are
called simple substitution, because each single
character of plain text is converted into a single
character of cipher text.
SUBSTITUTION & TRANSPOSITION
Transposition is the swapping of blocks of cipher text.
For example, if you have the text “I like icecream”,
you could transpose or swap every three letter
sequence (or block) with the next and get:
“ikeI l creiceam”
Of course modern transposition is at the level of bits,
or rather blocks of bits. However this illustrates the
concept.
SUBSTITUTION & TRANSPOSITION
Most (if not all) modern block cipher algorithms use both
substitution and transposition.
The combination of substitution and transposition increases
the security of the resultant cipher text.
SYMMETRIC BLOCK CIPHER ALGORITHMS
There are a number of symmetric block cipher algorithms. We will examine the most
widely used and those with the most influence on the field of cryptography.
• The Feistel Network
• DES
• 3DES
• AES
• Blowfish
• Twofish
• Skipjack
• IDEA
• Serpent
LUCIFER
• Early 1970s: this was the first significant civilian cipher. Developed by
Horst Feistel at IBM
• Lucifer (v0):
  • Two fixed, 4x4 s-boxes, S0 & S1
  • A fixed permutation P
  • Key bits determine which s-box is to be used at each position
  • 8 x 64/4 = 128 key bits (for 64-bit block, 8 rounds)
THE FEISTEL FUNCTION
This function is named after its inventor, the German-born physicist and cryptographer Horst Feistel.
At the heart of most block ciphers is a Feistel function.
This function forms the basis for most block ciphers. This
makes it one of the most influential developments in
symmetric block ciphers. It is also known as a Feistel
Network or a Feistel cipher.
THE FEISTEL FUNCTION - CONTINUED
This function starts by splitting the block of plain text data (often 64 bits) into two
parts (traditionally termed L0 and R0).
The round function F is applied to 1 of the halves. The term ‘round function’ simply
means a function performed with each iteration, or round, of the Feistel cipher. The
details of the round function F can vary with different implementations. Usually
these are relatively simple functions, to allow for increased speed of the algorithm.
The output of each round function F is then xor’d with the other half. What this
means is that, for example, you take L0, pass it through the round function F, then
take the result and xor it with R0.
Then the halves are transposed. So L0 gets moved to the right and R0 gets moved to
the left.
This process is repeated a given number of times. The main difference between
cryptography algorithms is the exact nature of the round function F, and the number
of iterations.
A SIMPLE VIEW OF A SINGLE ROUND
THE FEISTEL FUNCTION - CONTINUED
• Here is a general overview of a basic round of a Feistel
cipher.
[Diagram: the block from the plain text is split into halves L0 and R0. L0 is passed
through the round function F, and the output of F is XORed with R0.]
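The round structure described above, as an added example (not code from the original slides): a 64-bit block is split into L0 and R0, F(L) is XORed into R, and the halves are swapped. The round function and round keys are constructed toys, chosen so that F is visibly non-invertible while decryption still works.

```python
MASK32 = 0xFFFFFFFF

def round_function(half: int, round_key: int) -> int:
    """Toy round function F (an assumption, not taken from any real cipher).

    Squaring maps v and -v to the same value, so F is NOT invertible.
    The Feistel structure never needs to run F backwards.
    """
    value = half ^ round_key
    return (value * value + round_key) & MASK32

def feistel_encrypt(block: int, round_keys: list[int]) -> int:
    left, right = block >> 32, block & MASK32      # L0 and R0
    for key in round_keys:
        # F(L) is XORed into R, then the halves are transposed.
        left, right = right ^ round_function(left, key), left
    return (left << 32) | right

def feistel_decrypt(block: int, round_keys: list[int]) -> int:
    left, right = block >> 32, block & MASK32
    for key in reversed(round_keys):
        # The old L now sits in the right half, so F(L) can be recomputed
        # and XORed out again; the round keys are applied in reverse order.
        left, right = right, left ^ round_function(right, key)
    return (left << 32) | right

# Constructed sample round keys; a real cipher derives these from a key schedule.
ROUND_KEYS = [0x0F1E2D3C, 0x4B5A6978, 0x8796A5B4, 0xC3D2E1F0]

def demo() -> dict:
    plain = 0x0123456789ABCDEF
    cipher = feistel_encrypt(plain, ROUND_KEYS)
    return {
        "cipher": cipher,
        "roundtrip": feistel_decrypt(cipher, ROUND_KEYS),
        "one_round": feistel_encrypt(plain, ROUND_KEYS[:1]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>9}: {value:016x}")
```

After a single round the right half of the output is the untouched original L0, which is why one round alone hides nothing about that half.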
FEISTEL BASICS
Used in DES, CAST-128, Blowfish, Twofish, RC5, and many
other ciphers. Probably one of the most widely used
concepts in block ciphers.
Michael Luby and Charles Rackoff analyzed the Feistel
cipher construction and proved that if the round function is a
cryptographically secure pseudorandom function, then 3
rounds is sufficient to make the block cipher a
pseudorandom permutation, while 4 rounds is sufficient to
make it a "strong" pseudorandom permutation.
BASIC SECURITY FACTS
• Larger Block sizes increase security.
• Larger Key sizes increase security.
• If the round function is secure, then more rounds increase
security.
UNBALANCED FEISTEL CIPHER
There is a variation of the Feistel network called an
Unbalanced Feistel cipher. Unbalanced Feistel ciphers use a
modified structure where L0 and R0 are not of equal
lengths. This means that L0 might be 32 bits and R0 could be
64 bits (making a 96 bit block of text). This variation is
actually used in the Skipjack algorithm which we will be
examining.
DES
The Data Encryption Standard is a classic in the annals of cryptography.
It was selected by the National Bureau of Standards as an official
Federal Information Processing Standard (FIPS) for the United States in
1976. While it is now considered outdated and is not recommended for
use, it was the premier block cipher for many years and bears study.
Many cryptography textbooks and university courses use this as the basic
DES uses a 56-bit key applied to a 64 bit block. (Note: there is actually a
64 bit key generated, but 8 bits are just for error correction.)
DES is a Feistel cipher with 16 rounds and a 48-bit round key for each
round. So its general functionality follows the Feistel method of dividing
the 64 bit block into two halves (32 bits each; this is NOT an unbalanced
Feistel cipher), applying the round function to one half, then XORing that
output with the other half.
DES KEY GENERATION
• To generate the round keys, the 56-bit key is split into two
28-bit halves and those halves are circularly shifted after
each round by one or two bits. This means each round it
uses a slightly different key.
DES KEY GENERATION
• Then 48 bits from those two halves are selected and
permuted to form the round key.
DES ALGORITHM
• Expand the 32-bit half that is going to be
fed into the round function to 48 bits. This
is done by replicating some bits.
• XOR the resultant 48 bits with the 48-bit
round key.
DES ALGORITHM - CONTINUED
• Split the result into eight 6-bit sections.
• Pass each of these 6-bit portions
through a different S-box. Each S-box
produces a 4-bit output, giving a
total of 32 output bits.
FIRST FOUR S BOXES OF DES
This table lists the eight S-boxes used in DES. Each S-box replaces a 6-bit input with a 4-bit
output. Given a 6-bit input, the 4-bit output is found by selecting the row using the
outer two bits, and the column using the inner four bits. You can find this table in many
sources.
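An added example (not from the original slides) of the expansion, key mixing and S-box lookup steps above. The E table and S-box S1 are taken from the published DES standard rather than from this page; only the first of the eight S-boxes is included, and the function names are illustrative.

```python
# Expansion table E from the DES standard: for each of the 48 output
# positions, which input bit (1 = leftmost of 32) is copied there.
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
     8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
     16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]

# S-box S1 from the DES standard; the other seven have the same shape.
S1 = [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
      [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
      [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
      [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]]

def expand(half: int) -> int:
    """Expand a 32-bit half to 48 bits; 16 of the input bits appear twice."""
    out = 0
    for position in E:
        out = (out << 1) | ((half >> (32 - position)) & 1)
    return out

def six_bit_chunks(value48: int) -> list[int]:
    """Split a 48-bit value into eight 6-bit sections, leftmost first."""
    return [(value48 >> shift) & 0x3F for shift in range(42, -1, -6)]

def sbox_lookup(sbox: list[list[int]], six_bits: int) -> int:
    row = ((six_bits >> 4) & 0b10) | (six_bits & 1)   # outer two bits
    column = (six_bits >> 1) & 0xF                    # inner four bits
    return sbox[row][column]

def first_sbox_output(half: int, round_key: int) -> int:
    """Expand, XOR with the 48-bit round key, and run section 1 through S1."""
    mixed = expand(half) ^ round_key
    return sbox_lookup(S1, six_bit_chunks(mixed)[0])

if __name__ == "__main__":
    print(f"E(0x80000000) = {expand(0x80000000):012x}")
    print(f"S1(011011)    = {sbox_lookup(S1, 0b011011):04b}")
```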
SECOND SET OF FOUR S-BOXES
3 DES
Eventually it became obvious that DES would no longer
be secure. The U.S. Federal government began a
contest seeking a replacement cryptography
algorithm. However in the meantime 3DES was
created as an interim solution. Essentially it does DES
three times, with three different keys.
Triple DES uses a "key bundle" which comprises three
DES keys, K1, K2, and K3. Each key is a standard 56-bit
DES key.
DESX
• This is a variation of DES that uses a technique called
‘Key Whitening’
• Just xor a key with the text either before the round
function, after the round function, or both
WHITENING
[Diagram: the plain text block for the round is XORed with a random key the same size
as the block to produce a pseudo plain text, which is passed to the round function.
Additional panels repeat this with the XOR and random key placed around the round function.]
GOST
• GOST is a DES-like algorithm developed by the Soviets in the 1970's. It was
classified but released to the public in 1994. It uses a 64 bit block and a key of
256 bits. It is a 32 round Feistel Cipher.
• The round function is
  1. Add the subkey modulo 2
  2. Put the result through s-boxes
  3. Rotate the result 11 bits
• The Key Schedule is:
  1. Divide the 256 bit key into 8 32 bit sub keys
  2. Each sub key is used four times
• The s boxes take in four bit input and put out 4 bit output (there are 8 of them).
Some implementations have secret s boxes.
REPLACING DES
• Between 1972 and 1974 NIST issued the first public request for an
encryption standard. As a result DES became the accepted encryption
standard. Although this algorithm was very popular, it has always been
surrounded by controversy as many cryptographers objected to the
“closed-door” design of the algorithm. There was also a suspicion that
NSA planted a “back-door” in the algorithm, as NSA modified it before
it was standardized, although no one has been able to prove this so far.
• Furthermore the key length of DES became too small for acceptable
commercial security, so as an interim solution Triple-DES was used for a
while because it provided increased security.
• Responding to the desire to replace DES with a stronger and more reliable
algorithm, NIST announced another public request for an encryption
standard, called Advanced Encryption Standard (AES), in 1997.
• Twofish is one of the candidates that made it to the final round of the
AES program.
NIST GENERAL CRITERIA FOR AES
• A 128-bit symmetric block cipher.
• Key lengths of 128 bits, 192 bits, and 256 bits.
• No weak keys.
• Efficiency, both on the Intel Pentium Pro and other software and hardware
platforms.
• Flexible design: e.g., accept additional key lengths; be implementable on a
wide variety of platforms and applications; and be suitable for a stream
cipher, hash function, and MAC.
• Simple design, both to facilitate ease of analysis and ease of
implementation.
AES COMPETITION REQUIREMENTS
• private key symmetric block cipher
• 128-bit data, 128/192/256-bit keys
• stronger & faster than Triple-DES
• provide full specification & design details
• both C & Java implementations
• NIST have released all submissions & unclassified analyses
AES SHORTLIST
• after testing and evaluation, shortlist in Aug-99:
• MARS (IBM) - complex, fast, high security margin
• RC6 (USA) - v. simple, v. fast, low security margin
• Rijndael (Belgium) - clean, fast, good security margin
• Serpent (Euro) - slow, clean, v. high security margin
• Twofish (USA) - complex, v. fast, high security margin
• then subject to further analysis & comment
• saw contrast between algorithms with
  • few complex rounds versus many simple rounds
  • refined versions of existing ciphers versus new proposals
RIJNDAEL CIPHER (AES)
Advanced Encryption Standard was ultimately chosen as a
replacement for DES. AES is also known as the Rijndael block cipher. It
was officially designated as a replacement for DES in 2001 after a
5 year process involving 15 competing algorithms. AES is
designated as FIPS 197. Other algorithms that did not win that
competition include such well known algorithms as Twofish.
AES can have three different key sizes: 128, 192, or 256
bits. The three different implementations of AES are referred to as
AES 128, AES 192, and AES 256. All three operate on a block size
of 128 bits.
This algorithm was developed by two Belgian cryptographers, Joan
Daemen and Vincent Rijmen. Unlike both DES and 3DES, AES is not
based on a Feistel network.
AES CONTINUED
• This uses a substitution-permutation matrix rather than a
Feistel network
• AES operates on a 4×4 column-major order matrix of
bytes, termed the state (versions of AES with a larger
block size have additional columns in the state).
AES GENERAL OVERVIEW
1. Key Expansion—round keys are derived from the cipher key
using Rijndael's key schedule
2. Initial Round
  1. AddRoundKey—each byte of the state is combined with the round
  key using bitwise xor
3. Rounds
  1. SubBytes—a non-linear substitution step where each byte is
  replaced with another according to a lookup table.
  2. ShiftRows—a transposition step where each row of the state is
  shifted cyclically a certain number of steps.
  3. MixColumns—a mixing operation which operates on the columns
  of the state, combining the four bytes in each column.
  4. AddRoundKey
4. Final Round (no MixColumns)
  1. SubBytes
  2. ShiftRows
AES SPECIFICS
• In the SubBytes step, each byte in the matrix is substituted for another
byte using an 8-bit substitution box, called the Rijndael S-box.
• The ShiftRows step operates by shifting the bytes in each row by a certain
amount. The first row is left unchanged. The second row is shifted one
to the left. The third row by two, etc.
• In the MixColumns step, the four bytes of each column of the state
are combined using an invertible linear transformation. This takes four
bytes as input and outputs four bytes. Together with ShiftRows,
MixColumns provides diffusion in the cipher.
AES SPECIFICS
• In the AddRoundKey step, the subkey is XORed with the
state. For each round, a subkey is derived from the main
key using Rijndael's key schedule; each subkey is the
same size as the state.
RIJNDAEL S BOXES
• The S-box is generated by determining the multiplicative
inverse for a given number in GF(2^8) = GF(2)[x]/(x^8 + x^4 +
x^3 + x + 1), Rijndael's finite field (zero, which has no inverse, is
set to zero). The multiplicative inverse is then transformed using
the following affine transformation:
• The matrix math continues until the S Box is produced. There are
alternate implementations including the inverse box.
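An added example (not part of the original slides) that builds the Rijndael S-box as described: multiplicative inverse in GF(2^8), then the affine transformation, written here in the rotate-and-XOR form with the constant 0x63 from FIPS 197. Function names are illustrative.

```python
AES_MODULUS = 0x11B  # x^8 + x^4 + x^3 + x + 1

def gf_multiply(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the Rijndael polynomial."""
    product = 0
    while b:
        if b & 1:
            product ^= a          # addition in GF(2^8) is XOR
        a <<= 1
        if a & 0x100:
            a ^= AES_MODULUS      # reduce when the degree reaches 8
        b >>= 1
    return product

def gf_inverse(a: int) -> int:
    """Multiplicative inverse as a^254; zero has no inverse and maps to zero."""
    if a == 0:
        return 0
    result, base, exponent = 1, a, 254
    while exponent:
        if exponent & 1:
            result = gf_multiply(result, base)
        base = gf_multiply(base, base)
        exponent >>= 1
    return result

def rotl8(byte: int, shift: int) -> int:
    return ((byte << shift) | (byte >> (8 - shift))) & 0xFF

def affine(byte: int) -> int:
    """Affine step: XOR of the byte with four of its rotations, plus 0x63."""
    return (byte ^ rotl8(byte, 1) ^ rotl8(byte, 2)
            ^ rotl8(byte, 3) ^ rotl8(byte, 4) ^ 0x63)

def build_sbox() -> list[int]:
    return [affine(gf_inverse(value)) for value in range(256)]

def build_inverse_sbox(sbox: list[int]) -> list[int]:
    """The inverse box (InvSubBytes) is the same table read backwards."""
    inverse = [0] * 256
    for value, substituted in enumerate(sbox):
        inverse[substituted] = value
    return inverse

if __name__ == "__main__":
    sbox = build_sbox()
    for row in range(0, 256, 16):
        print(" ".join(f"{entry:02x}" for entry in sbox[row:row + 16]))
```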
[Figures: SubBytes and InvSubBytes]
AES KEY SCHEDULING
• Takes 128-bit (16-byte) key and expands into array of
44 32-bit words
TWOFISH
• This algorithm was one of the five finalists to replace DES
for the U.S. Government, but was not chosen. It uses a
block size of 128 bits and key sizes up to 256 bits. It is a
Feistel cipher.
• It was designed by Bruce Schneier, John Kelsey, Doug
Whiting, David Wagner, Chris Hall, and Niels Ferguson.
SKIPJACK
• Developed by the NSA, and was designed for the clipper
chip. It was originally classified. The clipper chip was a chip
with built in encryption; however, the decryption key would be
kept in a key escrow in case law enforcement needs to
decrypt data without the computer owner's cooperation. This
feature made the process highly controversial.
• Skipjack uses an 80-bit key to encrypt or decrypt 64-bit
data blocks. It is an unbalanced Feistel network with 32
rounds.
IDEA
• Another symmetric algorithm. The International Data
Encryption Algorithm (IDEA) is a block cipher. The
algorithm was published in 1991 and was designed by
James Massey and Xuejia Lai.
• IDEA operates on 64-bit blocks and has a 128-bit
key. The algorithm consists of a series of eight identical
transformations (each round) and an output
transformation. It was designed as a replacement for
DES.
SERPENT
• Serpent has a block size of 128 bits and can have a key
size of 128, 192 or 256 bits, much like AES. The
algorithm is also a substitution-permutation network like
AES. It uses 32 rounds working with a block of four 32-bit
words. Each round applies one of eight 4-bit to 4-bit S-boxes 32 times in parallel.
Serpent was designed so that all operations can be executed in parallel.
DESCRIPTION OF SERPENT
• Parameters
  • Key size: 128, 192, 256 bits
  • Block size: 128 bits
  • Number of rounds: 32
• Operations
  • 8 substitution tables (S-boxes)
  • Linear transformation
  • Key schedule
P-BOXES AND S-BOXES
An s-box is just a substitution box. It defines that each of the
input bits are substituted with a new bit.
A p-box, or permutation box, is a variation on the s-box.
Instead of each input bit being mapped to a bit found in
a lookup table, the bits that are input are transposed or
permuted. Some may be transposed, and others left in
place. For example a 6 bit p-box may swap the 1st and 4th
bits, swap the 2nd and 3rd bit, but leave the 5th bit in place.
BLOWFISH
Blowfish is a symmetric block cipher designed in 1993 by
Bruce Schneier. Schneier has stated that, "Blowfish is
unpatented, and will remain so in all countries. The
algorithm is hereby placed in the public domain, and can
be freely used by anyone."
This cryptography algorithm is intended as a replacement
for DES. Like DES it is a 16 round Feistel cipher working on
64 bit blocks. However, unlike DES it can have varying key
sizes ranging from 32 bits to 448 bits.
BLOWFISH
• 1993: designed by Bruce Schneier as a licence-free
replacement for DES
• a Feistel Network, iterating a simple encryption function 16
times.
• a symmetric block cipher. It has a 64-bit block size
• a variable key length from 32 bits to 448 bits
• Uses simple operations that are efficient on microprocessors,
e.g. exclusive-or, addition, table lookup (four indexed array
data lookups per round), modular multiplication.
BLOWFISH
• does not use variable-length shifts or bit-wise permutations, or
conditional jumps.
• Employs precomputable subkeys:
  • On large-memory systems, these subkeys can be precomputed for
  faster operation.
  • Not precomputing the subkeys will result in slower operation, but it
  should still be possible to encrypt data without any precomputations.
• It is significantly faster than most encryption algorithms when
implemented on 32-bit microprocessors with large data caches.
BLOWFISH
• DES operates on Right Half whereas Blowfish operates on Left Half of
data. (DES is designed for Big-Endian machines, whereas Blowfish is
designed for Little Endian; Intel processors are Little Endian.)
  • Little Endian: increasing numeric significance with increasing
  memory addresses or increasing time. The LSB is at the lowest
  address. The other bytes follow in increasing order of significance.
  • Big Endian: MSB stored at the lowest address and the next byte
  value in significance is stored at the next memory location.
• Blowfish algorithm consists of two parts: key expansion and data
encryption.
BLOWFISH KEY SCHEDULE ALGORITHM
(SUB-KEYS GENERATION ALGORITHM)
• Data encryption consists of a simple function
iterated 16 times. Each round consists of
  • a key-dependent permutation, and
  • a key- and data-dependent substitution.
• Blowfish uses a large number of subkeys. These keys
must be precomputed before any data encryption
or decryption.
TWOFISH - GENERAL DESCRIPTION
• 128-bit block
• 128, 192, or 256-bit key
• 16 rounds
• Works in all standard modes
• Encrypts data in:
• 18 clocks/byte on a Pentium
• 16.1 clocks/byte on a Pentium Pro