Course Business. Harry. Hagrid. Homework 2 Due Now. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Location: Right here


Course Business
- Homework 2 Due Now
- Midterm is on March 1
- Final Exam is Monday, May 1 (7 PM). Location: Right here
- [Images: Harry, Hagrid]

Cryptography CS 555. Topic 17: DES, 3DES

Recap
- Goals for This Week: Practical Constructions of Symmetric Key Primitives
- Last Class: Block Ciphers
- Today's Goals: DES/3DES (Data Encryption Standard)

Feistel Networks
- Alternative to Substitution Permutation Networks
- Advantage: underlying functions need not be invertible, but the result is still a permutation

Feistel round: $L_{i+1} = R_i$, $R_{i+1} = L_i \oplus F_{k_i}(R_i)$
- Proposition: the function is invertible.
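The proposition can be checked directly. The following is an added example, not code from the slides: a toy Feistel network whose round function is a truncated hash (an assumption made here, not the DES mangle function), inverted round by round and checked exhaustively on a small block size.

```python
import hashlib

def round_fn(k, r, bits):
    """Non-invertible F: SHA-256 of (round key, half) truncated to `bits` bits."""
    d = hashlib.sha256(f"{k}:{r}".encode()).digest()
    return int.from_bytes(d[:4], "big") & ((1 << bits) - 1)

def collapse(k, r, bits):
    """Degenerate F that maps every input to the same value."""
    return 1

def encrypt(keys, left, right, bits=32, f=round_fn):
    for k in keys:
        # L_{i+1} = R_i,  R_{i+1} = L_i xor F_k(R_i)
        left, right = right, left ^ f(k, right, bits)
    return left, right

def decrypt(keys, left, right, bits=32, f=round_fn):
    for k in reversed(keys):
        # R_i = L_{i+1},  L_i = R_{i+1} xor F_k(L_{i+1}); F is only run forwards
        left, right = right ^ f(k, left, bits), left
    return left, right

def is_permutation(keys, bits, f=round_fn):
    """Exhaustively check that encrypt is a bijection on 2*bits-bit blocks."""
    n = 1 << bits
    images = {encrypt(keys, l, r, bits, f) for l in range(n) for r in range(n)}
    return len(images) == n * n

# Constructed sample values (round keys and one 64-bit block).
KEYS = [3, 1, 4, 1]
BLOCK = (0x01234567, 0x89ABCDEF)

if __name__ == "__main__":
    print(decrypt(KEYS, *encrypt(KEYS, *BLOCK)) == BLOCK)
    print(is_permutation(KEYS, 6), is_permutation(KEYS, 6, collapse))
```

Decryption never inverts F; it recomputes F on a half that is already known, which is why even the constant function yields a permutation.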

Data Encryption Standard
- Developed in 1970s by IBM (with help from NSA)
- Adopted in 1977 as Federal Information Processing Standard (US)
- Data Encryption Standard (DES): 16-round Feistel Network
- Key Length: 56 bits
- Vulnerable to brute-force attacks in modern times: 1.5 hours at 14 trillion keys/second (e.g., Antminer S9)

DES Round

DES Mangle Function
- Expand E: 32-bit input, 48-bit output (duplicates 16 bits)
- S-boxes: $S_1, \ldots, S_8$. Input: 6 bits. Output: 4 bits
- Not a permutation! 4-to-1 function: exactly four inputs mapped to each possible output

Mangle Function
- [Figure labels: 32-bit input; 48-bit output of expand; 48-bit sub key]
- XOR block before applying S-boxes
- Each S-box outputs 4 bits

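S-Box Representation as Table
- [Figure: lookup table indexed by 4 bits (0000, 0001, ..., 1111; labelled "16 columns (4 bits)") and by 2 bits (00, 01, 10, 11; labelled "4 columns (2 bits)"); the highlighted entry at [0110, 11] is S(x) = 1101]
- x = 101101, S(x) = Table[0110, 11]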

S-Box Representation
- [Figure: the same table, with the entry at [0110, 11] highlighted]
- x = 101101, S(x) = T[0110, 11]
- Each column is a permutation

Pseudorandom Permutation Requirements
- Consider a truly random permutation $F \in \mathrm{Perm}_{128}$
- Let inputs $x$ and $x'$ differ on a single bit
- We expect outputs $F(x)$ and $F(x')$ to differ on approximately half of their bits
- $F(x)$ and $F(x')$ should be (essentially) independent.
- A pseudorandom permutation must exhibit the same behavior!
- Requirement: DES Avalanche Effect!

DES Avalanche Effect
- The permutation at the end of the mangle function helps to mix bits
- Special S-box property #1: let $x$ and $x'$ differ on one bit; then $S_i(x)$ differs from $S_i(x')$ on two bits.

Avalanche Effect Example
- Consider two 64-bit inputs $(L_n, R_n)$ and $(L_n', R_n' = R_n)$
- $L_n$ and $L_n'$ differ on one bit
- This is the worst-case example
- $L_{n+1} = L_{n+1}' = R_n$
- But now $R_{n+1}$ and $R_{n+1}'$ differ on one bit
- Even if we are unlucky, $E(R_{n+1})$ and $E(R_{n+1}')$ differ on 1 bit
- $R_{n+2}$ and $R_{n+2}'$ differ on two bits
- $L_{n+2} = R_{n+1}$ and $L_{n+2}' = R_{n+1}'$ differ in one bit

Avalanche Effect Example (continued)
- $R_{n+2}$ and $R_{n+2}'$ differ on two bits
- $L_{n+2} = R_{n+1}$ and $L_{n+2}' = R_{n+1}'$ differ in one bit
- $R_{n+3}$ and $R_{n+3}'$ differ on four bits, since we have different inputs to two of the S-boxes
- $L_{n+3} = R_{n+2}$ and $L_{n+3}' = R_{n+2}'$ now differ on two bits
- After seven rounds we expect all 32 bits in the right half to be affected by the input change
- DES has sixteen rounds

Attack on One-Round DES
- Given input/output pair $(x, y)$ with $y = (L_1, R_1)$ and $x = (L_0, R_0)$
- Note: $R_0 = L_1$
- Note: $R_1 = L_0 \oplus f_1(R_0)$, where $f_1$ is the Mangling Function with key $k_1$
- Conclusion: $f_1(R_0) = L_0 \oplus R_1$

Attack on One-Round DES
- [Figure labels: $R_0$; "Four possible inputs"; "Trivial to Recover"; $L_0 \oplus R_1$]
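The S-box claims above (4-to-1, permutation structure, single-bit input changes) and the "four possible inputs" step of the one-round attack can be checked on a real S-box. This is an added example, not from the slides: it uses the standard DES S-box S1, and the 6-bit key chunk and the observed values are constructed for the demonstration.

```python
# DES S-box S1 as published in FIPS 46-3. Row = outer bits (b1, b6),
# column = inner bits (b2..b5); the slide's table is the transpose of this.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox(x):
    """Map a 6-bit input to S1's 4-bit output."""
    row = ((x >> 5) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]

def preimages(out):
    """All 6-bit inputs that S1 maps to `out` (always four of them)."""
    return [x for x in range(64) if sbox(x) == out]

def min_output_diff():
    """Fewest output bits changed by any single-bit flip of the input."""
    return min(bin(sbox(x) ^ sbox(x ^ (1 << b))).count("1")
               for x in range(64) for b in range(6))

def key_candidates(e, out):
    """One-round attack restricted to S1.

    e   : the 6 bits of E(R0) that are XORed with the key before S1 (known)
    out : the 4 bits S1 produced, read from L0 xor R1 after undoing the
          final permutation (known)
    Since S1(e xor k) = out, k = e xor x for one of the four preimages x.
    """
    return {e ^ x for x in preimages(out)}

def recover_key_chunk(pairs):
    """Intersect the candidate sets from several (e, out) observations."""
    return set.intersection(*(key_candidates(e, out) for e, out in pairs))

# Constructed demo: a hypothetical 6-bit key chunk and three values of e.
SECRET_CHUNK = 0b101101
OBSERVED = [(e, sbox(e ^ SECRET_CHUNK)) for e in (0b000000, 0b111111, 0b010101)]

if __name__ == "__main__":
    print(sorted(key_candidates(*OBSERVED[0])), recover_key_chunk(OBSERVED))
```

One input/output pair leaves four candidates for these 6 key bits; each further pair intersects them away until only the real chunk remains.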

Attack on Two-Round DES
- Output $y = (L_2, R_2)$
- Note: $R_1 = L_0 \oplus f_1(R_0)$. Also, $R_1 = L_2$. Thus, $f_1(R_0) = L_2 \oplus L_0$
- So we can still attack the first round key $k_1$ as before, as $R_0$ and $L_2 \oplus L_0$ are known
- Note: $R_2 = L_1 \oplus f_2(R_1)$. Also, $L_1 = R_0$ and $R_1 = L_2$. Thus, $f_2(L_2) = R_2 \oplus R_0$
- So we can attack the second round key $k_2$ as before, as $L_2$ and $R_2 \oplus R_0$ are known

Attack on Three-Round DES
- $f_1(R_0) \oplus f_3(R_2) = (L_0 \oplus L_2) \oplus (L_2 \oplus R_3) = L_0 \oplus R_3$
- We know all of the values $L_0$, $R_0$, $R_3$ and $L_3 = R_2$.
- Leads to attack in time $2^{n/2}$ (see details in textbook)
- Remember that DES is 16 rounds

DES Security
- Best known attack is brute-force $2^{56}$
- Except under unrealistic conditions (e.g., $2^{43}$ known plaintexts)
- Brute force is not too difficult on modern hardware
- Attack can be accelerated further after precomputation
  - Output is a few terabytes
  - Subsequently keys are cracked in $2^{38}$ DES evaluations (minutes)
- Precomputation costs amortize over number of DES keys cracked
- Even in 1970 there were objections to the short key length for DES

Double DES
- Let $F_k(x)$ denote the DES block cipher
- A new block cipher $F$ with a key $k = (k_1, k_2)$ of length 2n can be defined by $F_k(x) = F_{k_2}(F_{k_1}(x))$
- Can you think of an attack better than brute-force?

Meet in the Middle Attack
- $F_k(x) = F_{k_2}(F_{k_1}(x))$
- Goal: Given $(x, F_k(x))$ try to find secret key $k$ in time and space $O(n 2^n)$.
- Solution? See Homework 1
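The time and space trade-off stated in the goal can be seen on a small scale. This is an added example, not the course's homework solution: a toy 16-bit block cipher with 12-bit keys (invented here and standing in for DES) is composed twice, and the key pair is found by tabulating one half and matching from the other.

```python
MASK = 0xFFFF                      # toy cipher: 16-bit blocks
KEY_BITS = 12                      # toy cipher: 12-bit keys
MUL = 0x6A5D                       # odd, hence invertible modulo 2**16
MUL_INV = pow(MUL, -1, 1 << 16)    # needs Python 3.8+

def rotl(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK

def enc(k, x):
    """Toy keyed permutation (NOT DES): 4 rounds of xor, multiply, rotate."""
    for _ in range(4):
        x = rotl(((x ^ k) * MUL) & MASK, 7)
    return x

def dec(k, y):
    """Inverse of enc: undo rotate, multiply and xor in reverse order."""
    for _ in range(4):
        y = ((rotl(y, 9) * MUL_INV) & MASK) ^ k
    return y

def double_enc(k1, k2, x):
    return enc(k2, enc(k1, x))     # F_k(x) = F_{k2}(F_{k1}(x))

def meet_in_the_middle(pairs):
    """Return every (k1, k2) consistent with all known (x, y) pairs.

    Costs about 2 * 2**KEY_BITS cipher calls plus a 2**KEY_BITS-entry table,
    instead of the 2**(2*KEY_BITS) trials of exhaustive search.
    """
    (x0, y0), rest = pairs[0], pairs[1:]
    forward = {}                                   # middle value -> [k1, ...]
    for k1 in range(1 << KEY_BITS):
        forward.setdefault(enc(k1, x0), []).append(k1)
    hits = []
    for k2 in range(1 << KEY_BITS):
        for k1 in forward.get(dec(k2, y0), []):    # halves meet in the middle
            if all(double_enc(k1, k2, x) == y for x, y in rest):
                hits.append((k1, k2))              # survived the extra pairs
    return hits

# Constructed demo: secret key pair and three known plaintexts.
SECRET = (0x3A7, 0xC15)
PAIRS = [(x, double_enc(*SECRET, x)) for x in (0x1234, 0xBEEF, 0x0042)]

if __name__ == "__main__":
    print([(hex(a), hex(b)) for a, b in meet_in_the_middle(PAIRS)])
```

Extra plaintext/ciphertext pairs are needed because a single pair matches many wrong key pairs by chance; the same effect is why doubling the key length of DES this way adds far less than 56 bits of security.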

Triple DES Variant 1
- Let $F_k(x)$ denote the DES block cipher
- A new block cipher $F$ with a key $k = (k_1, k_2, k_3)$ of length 2n can be defined by $F_k(x) = F_{k_3}(F^{-1}_{k_2}(F_{k_1}(x)))$
- Meet-in-the-Middle Attack requires time $\Omega(2^{2n})$ and space $\Omega(2^{2n})$

Triple DES Variant 1
- Let $F_k(x)$ denote the DES block cipher
- Allows backward compatibility with DES by setting $k_1 = k_2 = k_3$
- A new block cipher $F$ with a key $k = (k_1, k_2, k_3)$ of length 2n can be defined by $F_k(x) = F_{k_3}(F^{-1}_{k_2}(F_{k_1}(x)))$
- Meet-in-the-Middle Attack requires time $\Omega(2^{2n})$ and space $\Omega(2^{2n})$

Triple DES Variant 2
- Let $F_k(x)$ denote the DES block cipher
- Just two keys!
- A new block cipher $F$ with a key $k = (k_1, k_2)$ of length 2n can be defined by $F_k(x) = F_{k_1}(F^{-1}_{k_2}(F_{k_1}(x)))$
- Meet-in-the-Middle Attack still requires time $\Omega(2^{2n})$ and space $\Omega(2^{2n})$
- Key length is still just 112 bits (128 bits is recommended)

Triple DES Variant 1
- $F_k(x) = F_{k_3}(F^{-1}_{k_2}(F_{k_1}(x)))$
- Standardized in 1999
- Still widely used, but it is relatively slow (three block cipher operations)
- Current gold standard: AES

Next Class
- Read Katz and Lindell 6.2.5-6.3
- AES & Differential Cryptanalysis + Hash Functions