Add to collection(s) Add to saved
  1. No category

Cryptography part 2

advertisement 
Rotor Machines
Combine Substitution and Transposition
Methods
• produce ciphers that are very difficult to
break
Rotor Machines in World War II: German
“Enigma” and Japanese “Purple”
• Breaking by the Allies was a significant
factor in the outcome of the war (Turing)
8. Cryptography part 2
1
Example of Rotor Machine
8. Cryptography part 2
2
Concealment Cipher
Message within a message:
Example – third word in each sentence matters:
GMU students take the security class very seriously.
They study a good eight hours a day, each day.
They can break many of the classical ciphers.
8. Cryptography part 2
3
Symmetric (Secret Key)
Cryptography
8. Cryptography part 2
4
Conditional Cryptography
Cryptographic schemes that do not have a
mathematical proof that they are 100% secure
• An opponent can break the scheme if unlimited
text, computing power, and time is available
• Strength of the scheme relies on assumption that
attacker does not have sufficient resources (text,
time, computers, money, etc.) to break the
scheme
All modern practical cryptographic schemes
are only conditionally secure
8. Cryptography part 2
5
Xor = Exclusive OR
8. Cryptography part 2
6
Notation
• A – Alice (a party)
• B – Bob (another party)
• E – Eve (eavesdropper / attacker)
• M – Message (plaintext, sometimes secret)
• K – Key (very secret)
• C – Cipher (ciphertext, seen by attacker)
• ENC – Encryption (secret / known)
• DEC – Decryption (secret / known)
• AUTH – Authentication (secret / known)
• VER – Verification (secret / known)
8. Cryptography part 2
7
Symmetric Encryption
• A encrypts the message M using the algorithm ENC with the key K to obtain
the ciphertext C
• B decrypts the ciphertext C using the algorithm DEC with the key K to
obtain the message M
• Key K is symmetric, secret, and known only to A and B
8. Cryptography part 2
8
DES (Data Encryption Standard)
• In 1973, NBS (National Bureau of Standards,
now NIST) wrote an RFP (Request for
Proposals) for a commercial encryption standard
• IBM proposed its strong Lucifer algorithm
(developed by Feistel and others)
• NSA (National Security Agency) asked for a
weaker Lucifer (by shortening the key) and also
made changes to IBM’s algorithm
• Data Encryption Standard (DES) accepted in
1976 and expired 22 years later, in 1998
8. Cryptography part 2
9
DES Design Criteria
Algorithm must:
• provide high level of security
• be completely specified
Security of the algorithm must reside in the key
Algorithm must be:
• available to all users
• adaptable for use in diverse applications
• efficiently implemented in hardware
• efficient to use
• able to be validated
• Exportable !
8. Cryptography part 2
10
DES in use
DES is widely-used data encryption using a (secret) key
judged so difficult to break by the U.S. government that it
was restricted for export to other countries.
• There are 72,000,000,000,000,000 (72 quadrillion) or
more possible encryption keys that can be used.
For each given message, the key is chosen at random from
among this enormous number of keys.
• Like other private key cryptographic methods, both the
sender and receiver must know and use the same
private key.
8. Cryptography part 2
11
DES Structure
• Block size – 64 bits
• Key size – 64 bit quantity=(8 bit parity)+(56 bit key)
– Every 8th bit is a parity bit.
– 16 round keys (48 bits) derived from key (56 bits)
• 16 iterations each consisting of scrambling the round-block (64 bits)
with the round-key (48 bits)
• 64 bit input, 64 bit output.
8. Cryptography part 2
12
Multiple Encryption
8. Cryptography part 2
13
Multiple Encryption
Major limitation of DES
• Key length is too short (56 bits).
• Question: So can we apply DES multiple
times to increase the strength of
encryption?
• Advantage: We could then preserve the
existing investment in software and
equipment.
8. Cryptography part 2
14
Double DES (I)
Apply two iterations of DES with two keys K1 and K2
What if DES has a structure of an algebraic group, such
that for each K1 and K2 there is a K3 with the property:
Ek2(Ek1(P)) = Ek3(P)
This is not the case (it was proved in 1992) but is the
security level O(2112)?
8. Cryptography part 2
15
Double DES (II)
Meet-in-the-Middle Attack:
• For given M and C – search only O(256) pairs of keys K1
and K2 at the intermediate point I
• Encrypt M under all 256 options for K1
– Denote the results by X1, X2, . . ., X2
• Decrypt C under all 256 options for K2
– Denote the results by Y1, Y2, . . ., Y2
8. Cryptography part 2
16
Double DES (III)
Meet-in-the-Middle Attack (continued):
• Sort the values X1, X2, . . ., X2
• Sort the values Y1, Y2, . . .
• Find collisions between values of Xi and Yj
– there should be about (2112 / 264) = 248 collisions
• Mark the 248 potential candidates for key-pair K1 / K2
• Take another pair M’ and C’, and repeat this -- test with
the new pair and the suspected 248 key-pairs
• The second test will pin down the correct pair K1 / K2
(the success rate will be (248 / 264) = 2-16 )
8. Cryptography part 2
17
Double DES (IV)
Meet-in-the-Middle Attack (continued):
• Time requirement of attack – for encryptions,
decryptions, sorting, and comparing: O(264) steps
• Space requirement of attack – for keeping the
encryption and decryption values: O(260) bytes
Although attack is not practical – it is high enough to
consider Double-DES insecure
8. Cryptography part 2
18
Triple-DES (I)
EEE Mode:
– DES Encrypt-Encrypt-Encrypt with three keys K1, K2, K3
(168 bits) and strength O (2110) against Meet-in-theMiddle
– Not compatible with regular DES
8. Cryptography part 2
19
Triple-DES (II)
EDE Mode:
• DES Encrypt-Decrypt-Encrypt with two keys K1, & K2
• Properties:
• Two keys (112 bits)
• Strength O(2110) against Meet-in-the-Middle
• Compatible with regular DES when K1= K2
8. Cryptography part 2
20
E-D-E versus E-E-E
Why E-D-E?
• – Initial and final permutations would
cancel each other out with EEE (minor
advantage to EDE)
• EDE compatible with single DES if same
keys.
• Only 2 different Keys needed with E-D-E
8. Cryptography part 2
21
Triple DES
• Not Ideal... Efficiency demands schemes
with longer keys!
• Runs one third as fast as DES on the
same platform
• New candidates numerous - RC5, IDEA,
two-fish, CAST, etc
• New AES
8. Cryptography part 2
22
Modes of Block Cipher Operations
Encrypting a Large Message
The base algorithms encrypt a fixed size block -- one block at a time.
This is the Electronic Code Book (ECB)
• repeated plaintext blocks results in repeated ciphertext blocks
Other modes “chain” to avoid this
• CBC (Cipher Block Chaining Mode)
• OFB (Output Feedback Mode)
• CFB (Cipher Feedback Mode)
Encryption does not guarantee integrity!
8. Cryptography part 2
23
ECB
• Divide and conquer !
• (M1 == M3) => (C1 == C3) giving information to eavesdroppers
8. Cryptography part 2
24
ECB Properties
Disadvantage:
• If ci=cJ, then pi=pJ
1. Can reorder blocks
2. Can substitute (fabricated information)
blocks to affect plaintext
Advantage:
• No error propagation.
Two serious flaws, one advantage!
8. Cryptography part 2
25
ECB problem
8. Cryptography part 2
26
CBC Encryption
8. Cryptography part 2
27
CBC Decryption
8. Cryptography part 2
28
CBC Properties
Chaining dependency
– Each ciphertext block depends on all preceding plaintext
blocks
– To change a bit in mi, change the corresponding bit in ci-1.
The side effect is that mi-1 will be garbled.
Error propagation
– Each error in cj affects decipherment of mj and mj+1.
Error recovery
– An error in cj doesn’t propagate beyond cj+1.
– Can recover from loss of cipher text blocks.
8. Cryptography part 2
29
OFB
8. Cryptography part 2
30
OFB Properties
OFB stream generated:
– IV (transmitted in the clear)
– pad1=e(IV, key)
– pad2=e(pad1, key)
– padi=e(padi-1,key)
• Chaining dependencies
– Key stream is plaintext-independent
– Allow pre-computing of pseudo-random stream (One-Time Pad); XOR
can be implemented very efficiently
• No error propagation problem as in CBC
• What if ciphertext is garbled or lost?
– If garbled, only plaintext bits are garbled.
– If lost or duplicated, it is no linger synchronized, so everything is lost.
8. Cryptography part 2
31
CFB
8. Cryptography part 2
32
CFB Properties
• Chaining dependencies
– Ciphertext block cj depends on all preceding
plaintext blocks.
Error propagation
• Bit error in one ciphertext block affects the next
few
Error recovery
• Can recover from bit errors after several blocks
• Can resynchronize after loss of blocks.
8. Cryptography part 2
33
Related documents
plaintext version
plaintext version
INFA 723 Applied Cryptography
INFA 723 Applied Cryptography
COURSES OFFERED IN FOREIGN LANGUAGES
COURSES OFFERED IN FOREIGN LANGUAGES
- projectgenie
- projectgenie
“Modern Cryptography – A Mathematician in Cyberspace”
“Modern Cryptography – A Mathematician in Cyberspace”
MidTermGuide
MidTermGuide
ECE 480X: Introduction to Cryptography and Communication Security
ECE 480X: Introduction to Cryptography and Communication Security
Syllabus - החוג למדעי המחשב
Syllabus - החוג למדעי המחשב
Download
advertisement