Lecture 5. Block Diagrams. Modes of Operation of Block Ciphers
Slide 1: Lecture 5. Block Diagrams. Modes of Operation of Block Ciphers
Slide 2: Modes of Operation of Block Ciphers (ECE 448 FPGA and ASIC Design with VHDL)
Slide 3: Block vs. stream ciphers
Block cipher: plaintext blocks M_1, M_2, ..., M_n are encrypted under key K into C_1, C_2, ..., C_n with
  C_i = f_K(M_i)
Every block of ciphertext is a function of only one corresponding block of plaintext.
Stream cipher: plaintext blocks m_1, m_2, ..., m_n are encrypted under key K and an internal state IS into c_1, c_2, ..., c_n with
  c_i = f_K(m_i, IS_i)
  IS_{i+1} = g_K(m_i, IS_i)
Every block of ciphertext is a function of the current block of plaintext and the current internal state of the cipher.
Slide 4: Typical stream cipher
Sender and receiver each hold the key and an initialization vector (seed). A pseudorandom key generator on each side expands them into the keystream k_i; the sender combines plaintext m_i with k_i to produce ciphertext c_i, and the receiver combines c_i with the same k_i to recover m_i. (block diagram)
Slide 5: Standard modes of operation of block ciphers
Block cipher: ECB mode
Block cipher turned into a stream cipher: Counter mode, CFB mode, CBC mode
Slide 6: ECB (Electronic CodeBook) mode
Slide 7: Electronic CodeBook Mode, ECB Encryption
Each plaintext block M_1, M_2, M_3, ..., M_{N-1}, M_N passes through E under the same key K, giving C_1, C_2, C_3, ..., C_{N-1}, C_N:
  C_i = E_K(M_i) for i = 1..n
Slide 8: Electronic CodeBook Mode, ECB Decryption
Each ciphertext block passes through D under the same key K:
  M_i = D_K(C_i) for i = 1..n
Slide 9: Electronic CodeBook Mode, ECB (simplified block diagram)
Encryption: M_i enters E on IN, C_i appears on OUT, C_i = E_K(M_i). Decryption: C_i enters D on IN, M_i appears on OUT, M_i = D_K(C_i). (block diagram)
Slide 10: Electronic CodeBook Mode, ECB (combined block diagram)
E and D (both under key K) share one block-data input bdi and one block-data output bdo:
  bdi = M_i for encryption, C_i for decryption
  bdo = C_i for encryption, M_i for decryption
Slide 11: Counter Mode
Slide 12: Counter Mode, CTR Encryption
The counter values IV, IV+1, IV+2, ..., IV+N-2, IV+N-1 are each encrypted with E under key K to produce the keystream blocks k_1, k_2, k_3, ..., k_{N-1}, k_N, which are XORed with the plaintext blocks m_1, ..., m_N:
  k_i = E_K(IV + i - 1)
  c_i = m_i ⊕ k_i for i = 1..n
Slide 13: Counter Mode, CTR Decryption
The receiver regenerates the same keystream with E (the decryption function D of the block cipher is never used):
  k_i = E_K(IV + i - 1)
  m_i = c_i ⊕ k_i for i = 1..n
Slide 14: Counter Mode, CTR (simplified block diagram)
A counter register holds the internal state IS_i, loaded with IV; its value enters E on IN, and the OUT of E is XORed with the data block:
  IS_1 = IV
  encryption: c_i = E_K(IS_i) ⊕ m_i
  decryption: m_i = E_K(IS_i) ⊕ c_i
  IS_{i+1} = IS_i + 1
Slide 15: Counter Mode, CTR (combined block diagram)
One datapath (counter, E under key K, XOR) serves both directions:
  bdi = m_i for encryption, c_i for decryption
  bdo = c_i for encryption, m_i for decryption
Slide 16: CFB (Cipher FeedBack) Mode
Slide 17: Cipher Feedback Mode, CFB Encryption
The previous ciphertext block (IV for the first block) is encrypted with E under key K to produce the keystream block, which is XORed with the current plaintext block:
  k_i = E_K(c_{i-1}) for i = 1..n, with c_0 = IV
  c_i = m_i ⊕ k_i
Slide 18: Cipher Feedback Mode, CFB Decryption
The receiver regenerates the same keystream from the received ciphertext, again using only E:
  k_i = E_K(c_{i-1}) for i = 1..n, with c_0 = IV
  m_i = c_i ⊕ k_i
Slide 19: Cipher Feedback Mode, CFB (simplified block diagram)
A register holds the internal state IS_i, loaded with IV; its value enters E on IN, and the OUT of E is XORed with the data block:
  IS_1 = IV
  encryption: c_i = E_K(IS_i) ⊕ m_i
  decryption: m_i = E_K(IS_i) ⊕ c_i
  IS_{i+1} = c_i
Slide 20: Cipher Feedback Mode, CFB (combined block diagram)
One datapath (register, E under key K, XOR) serves both directions; the register is loaded with c_i, which is bdo during encryption and bdi during decryption:
  bdi = m_i for encryption, c_i for decryption
  bdo = c_i for encryption, m_i for decryption
Slide 21: CBC (Cipher Block Chaining) Mode
Slide 22: Cipher Block Chaining Mode, CBC Encryption
Each plaintext block is XORed with the previous ciphertext block (IV for the first block) before entering E under key K:
  c_i = E_K(m_i ⊕ c_{i-1}) for i = 1..n, with c_0 = IV
Slide 23: Cipher Block Chaining Mode, CBC Decryption
Each ciphertext block is decrypted with D under key K and XORed with the previous ciphertext block:
  m_i = D_K(c_i) ⊕ c_{i-1} for i = 1..n, with c_0 = IV
Slide 24: Cipher Block Chaining Mode, CBC (simplified block diagram)
A register holds the internal state IS_i (the previous ciphertext block), loaded with IV:
  IS_1 = IV
  encryption: c_i = E_K(IS_i ⊕ m_i)
  decryption: m_i = D_K(c_i) ⊕ IS_i
  IS_{i+1} = c_i
Slide 25: Cipher Block Chaining Mode, CBC (combined block diagram)
E and D (both under key K), the register holding IS_i (loaded from IV), and the shared ports bdi and bdo; bdi feeds the register and the E path for encryption and D for decryption. (block diagram)
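The four modes of slides 7 to 25 written out in Python, as an added example that is not part of the lecture: E_K and D_K are a constructed 4-round Feistel toy cipher (so the file runs offline; it is not a real cipher), each mode follows the slide formula in its comment, and demo() checks the property the ECB diagram implies, namely that identical plaintext blocks yield identical ciphertext blocks under ECB but not under the IV-driven modes.

```python
import hashlib

BLOCK = 8  # toy block size in bytes (constructed; real AES blocks are 16)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function of the constructed toy Feistel cipher.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def E(key: bytes, block: bytes) -> bytes:
    """Toy E_K: a 4-round Feistel network on one block (NOT secure, illustration only)."""
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        L, R = R, xor(L, _f(key, rnd, R))
    return L + R

def D(key: bytes, block: bytes) -> bytes:
    """Toy D_K: the same rounds undone in reverse order."""
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        L, R = xor(R, _f(key, rnd, L)), L
    return L + R

def blocks(data: bytes) -> list:
    # Split into M_1..M_n; padding is outside what the slides cover.
    if len(data) % BLOCK:
        raise ValueError("message must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def counter(iv: bytes, i: int) -> bytes:
    # IS_i = IV + i - 1 as a big-endian integer, wrapping at the block width.
    n = (int.from_bytes(iv, "big") + i - 1) % (1 << (8 * BLOCK))
    return n.to_bytes(BLOCK, "big")

# The four modes, written exactly as the slide formulas (^ is XOR).
def ecb_encrypt(key, msg):                # C_i = E_K(M_i)
    return b"".join(E(key, m) for m in blocks(msg))

def ecb_decrypt(key, ct):                 # M_i = D_K(C_i)
    return b"".join(D(key, c) for c in blocks(ct))

def ctr_encrypt(key, iv, msg):            # k_i = E_K(IV+i-1), c_i = m_i ^ k_i
    return b"".join(xor(m, E(key, counter(iv, i)))
                    for i, m in enumerate(blocks(msg), 1))

def ctr_decrypt(key, iv, ct):             # m_i = c_i ^ k_i: same keystream, D unused
    return ctr_encrypt(key, iv, ct)

def cfb_encrypt(key, iv, msg):            # k_i = E_K(c_{i-1}), c_0 = IV, c_i = m_i ^ k_i
    out, prev = [], iv
    for m in blocks(msg):
        prev = xor(m, E(key, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ct):             # m_i = c_i ^ E_K(c_{i-1}); again D is unused
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(c, E(key, prev)))
        prev = c
    return b"".join(out)

def cbc_encrypt(key, iv, msg):            # c_i = E_K(m_i ^ c_{i-1}), c_0 = IV
    out, prev = [], iv
    for m in blocks(msg):
        prev = E(key, xor(m, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):             # m_i = D_K(c_i) ^ c_{i-1}
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(D(key, c), prev))
        prev = c
    return b"".join(out)

def has_repeated_blocks(ct: bytes) -> bool:
    """True if two ciphertext blocks coincide: the pattern leak that rules ECB out."""
    bs = blocks(ct)
    return len(set(bs)) < len(bs)

def demo() -> dict:
    """Round-trip each mode on a message with repeated blocks; report which mode leaks."""
    key, iv = b"constructed-key!", bytes(range(BLOCK))   # constructed sample values
    msg = b"ATTACK!!" * 3 + b"AT DAWN!"                  # three identical blocks on purpose
    modes = (("ECB", lambda k, _, m: ecb_encrypt(k, m), lambda k, _, c: ecb_decrypt(k, c)),
             ("CTR", ctr_encrypt, ctr_decrypt),
             ("CFB", cfb_encrypt, cfb_decrypt),
             ("CBC", cbc_encrypt, cbc_decrypt))
    leaks = {}
    for name, enc, dec in modes:
        ct = enc(key, iv, msg)
        assert dec(key, iv, ct) == msg, name
        leaks[name] = has_repeated_blocks(ct)
    return leaks  # {'ECB': True, 'CTR': False, 'CFB': False, 'CBC': False}
```

Note that CTR and CFB never call D: a hardware core for those two modes needs only the encryption datapath, which is why the slides draw E in both the encryption and decryption diagrams.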
Slide 26: Advanced Encryption Standard (AES) Pseudocode (ECE 448 FPGA and ASIC Design with VHDL)
Slide 27: AES Encryption (pseudocode shown as a figure; not recoverable from the transcription)
Slide 28: AES Decryption (pseudocode shown as a figure; not recoverable from the transcription)
Slide 29: AES: Symbols, Block Diagrams, Interfaces (ECE 448 FPGA and ASIC Design with VHDL)
Slide 30: AES_Enc: encryption only, key scheduling done as a part of initialization
Slide 31: Symbol of AES_Enc
Inputs: din (128), key (128), start, init, rst. Outputs: dout (128), ready, done, done_init.
Slide 32: Block Diagram of AES_Enc
Data path: din enters through an input multiplexer (sel_in, en_in) and the Round block (inputs din, rkey; outputs dout and the feedback dout_fdb); the round counter round (4 bits) addresses the RAM holding the round keys (ports din, addr, we, dout; written with wr_rkey, read with en_rkey). Key path: the sel_fkey multiplexer chooses between the external key and the KeyUpdate output ko, en_fkey loads the choice into the register whose output ki feeds KeyUpdate (ki, round → ko). Note: bold line represents a 128-bit bus unless specified otherwise. (block diagram)
Slide 33: Block Diagram of Round
din → SubBytes → ShiftRows → MixColumns, combined with the round key rkey; outputs dout and dout_fdb. Note: bold line represents a 128-bit bus unless specified otherwise. (block diagram)
Slide 34: Block Diagram of KeyUpdate
The input key ki is split into the 32-bit words ki[127..96], ki[95..64], ki[63..32], ki[31..0]. The word ki[31..0] passes through ROTWORD and SUBWORD and is XORed with the rcon ROM entry selected by round (4 bits) and with ki[127..96] to give ko[127..96]; the remaining words are chained by XOR into ko[95..64], ko[63..32], ko[31..0]. Note: all buses are 32 bit wide unless specified otherwise. (block diagram)
Slide 35: AES_Enc: Interface with the Division into the Datapath and Controller
Enc Datapath: inputs din (128), key (128), clk, rst and the control inputs en_rkey, wr_rkey, en_fkey, sel_fkey, en_in, sel_in, round (4); output dout (128). Enc Control: inputs start, init, rst; outputs the control signals above plus ready, done, done_init. Note: bold line represents a 128-bit bus unless specified otherwise. (block diagram)
Slide 36: AES_Enc_KOF: encryption only, key scheduling done on the fly
Slide 37: Symbol of AES_Enc_KOF
Inputs: din (128), key (128), start, rst. Outputs: dout (128), ready, done.
Slide 38: Block Diagram of AES_Enc_KOF
There is no round-key RAM: din and key each enter through a multiplexer controlled by sel_in into registers enabled by en_in; the Round block (din, rkey → dout, dout_fdb) and KeyUpdate (ki, round → ko) advance together in each round, with ko fed back through the key multiplexer as the next ki; round is 4 bits. Note: bold line represents a 128-bit bus unless specified otherwise. (block diagram)
Slide 39: Block Diagram of Round (same as slide 33)
Slide 40: Block Diagram of KeyUpdate (same as slide 34)
Slide 41: AES_Enc_KOF: Interface with the Division into the Datapath and Controller
Enc_KOF Datapath: inputs din (128), key (128), clk, rst, en_in, sel_in, round (4); output dout (128). Enc_KOF Control: inputs start, rst; outputs en_in, sel_in, round, ready, done. Note: bold line represents a 128-bit bus unless specified otherwise. (block diagram)
Slide 42: AES_EncDec: encryption and decryption, key scheduling done as a part of initialization
Slide 43: Symbol of AES_EncDec
Inputs: din (128), key (128), start, decrypt, init, rst. Outputs: dout (128), ready, done, done_init.
Slide 44: Block Diagram of AES_EncDec
Extends AES_Enc with an InvRound block (din, rkey → dout, dout_fdb) beside Round, a sel_round multiplexer selecting between their outputs, a sel_decrypt multiplexer on the final dout, a second 4-bit counter invround beside round, and the enable en_lkey; the key path (KeyUpdate ki/ko, sel_fkey, en_fkey, round-key RAM with wr_rkey and en_rkey) is as in AES_Enc. Note: bold line represents a 128-bit bus unless specified otherwise. (block diagram)
Slide 45: Block Diagram of Round (same as slide 33)
Slide 46: Block Diagram of InvRound
din → InvSubBytes → InvShiftRows → InvMixColumns, combined with the round key rkey; outputs dout and dout_fdb. Note: bold line represents a 128-bit bus unless specified otherwise. (block diagram)
Slide 47: Block Diagram of KeyUpdate (same as slide 34)
Slide 48: AES_EncDec: Interface with the Division into the Datapath and Controller
EncDec Datapath: inputs din (128), key (128), clk, rst and the control inputs sel_decrypt, invround (4), round (4), sel_round, sel_in, en_in, en_rkey, wr_rkey, en_lkey, en_fkey, sel_fkey; output dout (128). EncDec Control: inputs start, init, decrypt, rst; outputs the control signals above plus ready, done, done_init. Note: bold line represents a 128-bit bus unless specified otherwise. (block diagram)
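The KeyUpdate block of slides 34, 40 and 47 and the difference between AES_Enc and AES_Enc_KOF, as an added Python example that is neither the lecture's nor the ECE 448 project's code: key_update() performs one ROTWORD/SUBWORD/rcon step from ki to ko, and round_keys_on_the_fly() chains it once per round the way AES_Enc_KOF does (AES_Enc runs the same chain during init and stores each ko in RAM instead). The S-box is computed from its definition so the file is self-contained; the key in main is the FIPS-197 Appendix A.1 example.

```python
def _gf_mul(a: int, b: int) -> int:
    # Multiplication in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b).
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def _build_sbox() -> list:
    # S[x] = affine(x^-1); the inverse is found by exhaustive search (fast enough for 256 entries).
    inv = [0] * 256
    for x in range(1, 256):
        for y in range(1, 256):
            if _gf_mul(x, y) == 1:
                inv[x] = y
                break
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return [b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63 for b in inv]

SBOX = _build_sbox()
# The rcon ROM of slide 34, indexed by round: x^(round-1) in GF(2^8) as the top byte of a word.
RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def rot_word(w: bytes) -> bytes:        # ROTWORD: rotate the 32-bit word left by one byte
    return w[1:] + w[:1]

def sub_word(w: bytes) -> bytes:        # SUBWORD: S-box applied to each byte
    return bytes(SBOX[b] for b in w)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def key_update(ki: bytes, rnd: int) -> bytes:
    """One KeyUpdate step: round key ki of round rnd-1 -> round key ko of round rnd.

    Word 0 is ki[127..96] and word 3 is ki[31..0], matching the bus labels on the
    slide; every bus inside the block is 32 bits wide.
    """
    w = [ki[i:i + 4] for i in range(0, 16, 4)]
    t = xor(sub_word(rot_word(w[3])), bytes([RCON[rnd], 0, 0, 0]))
    ko = [xor(w[0], t)]                 # ko[127..96]
    for j in range(1, 4):               # chained XORs give ko[95..64], ko[63..32], ko[31..0]
        ko.append(xor(w[j], ko[j - 1]))
    return b"".join(ko)

def round_keys_on_the_fly(key: bytes) -> list:
    """Round keys 0..10 for AES-128, produced one KeyUpdate per round as AES_Enc_KOF does."""
    if len(key) != 16:
        raise ValueError("this example handles 128-bit keys (10 rounds) only")
    keys = [key]
    for rnd in range(1, 11):
        keys.append(key_update(keys[-1], rnd))
    return keys

if __name__ == "__main__":
    k = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 Appendix A.1 key
    for r, rk in enumerate(round_keys_on_the_fly(k)):
        print(r, rk.hex())
```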
Slide 49: Example of a Hierarchical Block Diagram: JH hash function (ECE 448 FPGA and ASIC Design with VHDL)
Slide 50: JH Top Level
A 64-bit din is assembled by a SIPO into the 1024-bit input; the 1024-bit state is initialized from IV (C_IV, zeros), passes through group, the round function R8 (R6 for the smaller variant) driven by the round constants Cr, and degroup, with the halves combined as hc = ha ⊕ hb on the input side and dgc = dga ⊕ dgb on the degroup side; the h-bit result is serialized by a PISO onto the 64-bit dout. JH-256: h = 256; JH-512: h = 512. (block diagram)
Slide 51: R8 / R6 round
R8: y = 1024; R6: y = 256, where y is the bit size of r. Each 4-bit group of r goes through S0 or S1 as selected by the round-constant bits Cr[0], Cr[1], ..., Cr[y/4-2], Cr[y/4-1], then through the linear transformation L on the words A, B, C, D, then through PERMUTE, giving rp. (block diagram)
Slide 52: L (linear transformation)
Operates on the 4-bit words A, B, C, D with shifts (<<<) conditioned on the top bits A(3) and D(3); the exact wiring is not recoverable from the transcription. (block diagram)
Slide 53: Example of a Hierarchical Block Diagram: BLAKE hash function (ECE 448 FPGA and ASIC Design with VHDL)
Slide 54: BLAKE Top Level
BLAKE-32: b = 512, h = 256; BLAKE-64: b = 1024, h = 512. A 64-bit din is assembled by a SIPO into the b-bit message block msg; Initialization forms the b-bit state v from the chaining value CV (b/2 bits, loaded from IV at the start), the constants c[0..7] and the counter t. Permute8 (msg, constant → CM) and Core8 (V, CM → VP) iterate over the rounds on the state register V, and Finalization produces the new chaining value h (b/2 bits), which a PISO serializes onto the 64-bit dout. (block diagram)
Slide 55: Permute8
BLAKE-32: b = 512, w = 32; BLAKE-64: b = 1024, w = 64. select8 picks the round's permutation from the tables Pσ0, Pσ1, Pσ2, ..., Pσ7, Pσ8, Pσ9 (indexed by i, 4 bits). Note: hi and low denote the top and bottom half of the permutation table. The permuted message words m = m[0..15] and constants c = c[0..15] are combined by XOR_W and CROSS into CM:
  cm_{2i} = m_{2i} ⊕ c_{2i+1}
  cm_{2i+1} = m_{2i+1} ⊕ c_{2i}
(block diagram)
Slide 56: Core8
BLAKE-32: b = 512, w = 32; BLAKE-64: b = 1024, w = 64. Eight G_mod units, each taking four w-bit words A, B, C, D and a 2w-bit pair cm. The column step feeds (V[0], V[4], V[8], V[12]), (V[1], V[5], V[9], V[13]), (V[2], V[6], V[10], V[14]) and (V[3], V[7], V[11], V[15]) to four G_mod units with CM[0,1], CM[2,3], CM[4,5], CM[6,7]; the diagonal step feeds the results to four more G_mod units with CM[8,9], CM[10,11], CM[12,13], CM[14,15], and the outputs are reassembled into VP[0..15]. (block diagram)
Slide 57: G_mod
BLAKE-32: w = 32; BLAKE-64: w = 64. The G function on the w-bit words A, B, C, D with the message-constant inputs CM_{2i} and CM_{2i+1}: additions and XORs interleaved with the four rotations R1 <<<, R2 <<<, R3 <<<, R4 <<<; the rotation amounts are not recoverable from the transcription. (block diagram)
Slide 58: Interface of CipherCore Datapath (ECE 448 FPGA and ASIC Design with VHDL)
Slide 59: Block Diagram of AEAD
The AEAD core wraps CipherCore (CipherCore Datapath plus Controller) with a PreProcessor, a PostProcessor, a Bypass FIFO and an AUX FIFO. External ports: pdi (pdi_valid, pdi_ready), sdi (sdi_valid, sdi_ready) and do (do_valid, do_ready), each W bits wide. Generics: W, KEY_SIZE, RDKEY_SIZE, NPUB_SIZE, NSEC_SIZE, TAG_SIZE, DBLK_SIZE, BS_BYTES, CTR_AD_SIZE, CTR_D_SIZE. CipherCore ports: key (key_ready, key_needs_update, key_updated), rdkey (rdkey_ready, rdkey_read), npub (npub_ready, npub_read), nsec (nsec_ready, nsec_read), bdi with bdi_valid_bytes, bdi_pad_loc, bdi_size, bdi_eot, bdi_eoi, bdi_nodata, bdi_ad, bdi_decrypt, bdi_proc, bdi_ready, bdi_read; bdo with bdo_size, bdo_nsec, bdo_ready, bdo_write; exp_tag (exp_tag_ready), tag (tag_ready, tag_write), len_a, len_d, msg_auth_valid, msg_auth_done. (block diagram)
Slide 60: Input Ports
npub (nonce, IV); nsec (only few candidates use it; we will not use it); bdi (AD, M, C).
Slide 61: Timeline (ECE 448 FPGA and ASIC Design with VHDL)
Slide 62: Project Timeline: Draft Block Diagrams
Thursday 10/15, 12 noon: first draft of block diagrams due (Blackboard).
Thursday 10/15, 1:00-4:30pm and Friday 10/16, 1:00-8:00pm: discussion of draft block diagrams (30 minutes per person, 60 minutes per group, electronic sign-up using Doodle).
Slide 63: Project Timeline: Revised Block Diagrams
Thursday 10/22, 12 noon: revised block diagrams due (Blackboard).
Thursday 10/22, 1:00-4:30pm and Friday 10/23, 1:00-8:00pm: discussion of revised block diagrams (30 minutes per person, 60 minutes per group, electronic sign-up using Doodle).
More informationModels and analysis of security protocols 1st Semester Symmetric Encryption Lecture 5
Models and analysis of security protocols 1st Semester 2009-2010 Symmetric Encryption Lecture 5 Pascal Lafourcade Université Joseph Fourier, Verimag Master: September 29th 2009 1 / 60 Last Time (I) Security
More informationSPCS Cryptography Homework 13
1 1.1 PRP For this homework, use the ollowing PRP: E(k, m) : {0, 1} 3 {0, 1} 3 {0, 1} 3 000 001 010 011 100 101 110 111 m 000 011 001 111 010 000 101 110 100 001 101 110 010 000 111 100 001 011 010 001
More informationMATH3302 Cryptography Problem Set 2
MATH3302 Cryptography Problem Set 2 These questions are based on the material in Section 4: Shannon s Theory, Section 5: Modern Cryptography, Section 6: The Data Encryption Standard, Section 7: International
More informationMitsuru Matsui , Ofuna, Kamakura, Kanagawa, 247, Japan. which are block ciphers with a 128-bit key, a 64-bit block and a variable
New Block Encryption Algorithm MISTY Mitsuru Matsui Inormation Technology R&D Center Mitsubishi Electric Corporation 5-1-1, Ouna, Kamakura, Kanagawa, 247, Japan matsui@iss.isl.melco.co.jp Abstract. We
More information18733: Applied Cryptography Anupam Datta (CMU) Block ciphers. Dan Boneh
18733: Applied Cryptography Anupam Datta (CMU) Block ciphers Online Cryptography Course What is a block cipher? Block ciphers: crypto work horse n bits PT Block n bits E, D CT Block Key k bits Canonical
More informationImpact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers
Impact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers Goutam Paul and Shashwat Raizada Jadavpur University, Kolkata and Indian Statistical Institute,
More informationBlock Ciphers/Pseudorandom Permutations
Block Ciphers/Pseudorandom Permutations Definition: Pseudorandom Permutation is exactly the same as a Pseudorandom Function, except for every key k, F k must be a permutation and it must be indistinguishable
More informationInnovations in permutation-based crypto
Innovations in permutation-based crypto Joan Daemen 1,2 based on joint work with Guido Bertoni 3, Seth Hoert, Michaël Peeters 1, Gilles Van Assche 1 and Ronny Van Keer 1 Cryptacus Training School, Azores,
More informationIntroduction to Symmetric Cryptography
Introduction to Symmetric Cryptography COST Training School on Symmetric Cryptography and Blockchain Stefan Kölbl February 19th, 2018 DTU Compute, Technical University of Denmark Practical Information
More informationSTRIBOB : Authenticated Encryption
1 / 19 STRIBOB : Authenticated Encryption from GOST R 34.11-2012 or Whirlpool Markku-Juhani O. Saarinen mjos@item.ntnu.no Norwegian University of Science and Technology Directions in Authentication Ciphers
More informationECS 189A Final Cryptography Spring 2011
ECS 127: Cryptography Handout F UC Davis Phillip Rogaway June 9, 2011 ECS 189A Final Cryptography Spring 2011 Hints for success: Good luck on the exam. I don t think it s all that hard (I do believe I
More informationUniv.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.
Cryptography Univ.-Prof. Dr. rer. nat. Rudolf Mathar 1 2 3 4 15 15 15 15 60 Written Examination Cryptography Tuesday, August 29, 2017, 01:30 p.m. Name: Matr.-No.: Field of study: Please pay attention to
More informationChosen Plaintext Attacks (CPA)
Chosen Plaintext Attacks (CPA) Goals New Attacks! Chosen Plaintext Attacks (often CPA) is when Eve can choose to see some messages encoded. Formally she has Black Box for ENC k. We will: 1. Define Chosen
More informationCryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev
Cryptography Lecture 2: Perfect Secrecy and its Limitations Gil Segev Last Week Symmetric-key encryption (KeyGen, Enc, Dec) Historical ciphers that are completely broken The basic principles of modern
More informationLightweight Cryptography for RFID Systems
Lightweight Cryptography for RFID Systems Guang Gong Department of Electrical and Computer Engineering University of Waterloo CANADA G. Gong (University of Waterloo)
More informationCandidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.
UNIVERSITY OF EAST ANGLIA School of Mathematics May/June UG Examination 2010 2011 CRYPTOGRAPHY Time allowed: 2 hours Attempt THREE questions. Candidates must show on each answer book the type of calculator
More informationTHE FLORIDA STATE UNIVERSITY COLLEGE OF ARTS AND SCIENCES PRIMITIVES AND SCHEMES FOR NON-ATOMIC INFORMATION AUTHENTICATION GOCE JAKIMOSKI
THE FLORIDA STATE UNIVERSITY COLLEGE OF ARTS AND SCIENCES PRIMITIVES AND SCHEMES FOR NON-ATOMIC INFORMATION AUTHENTICATION By GOCE JAKIMOSKI A Dissertation submitted to the Department of Computer Science
More informationOn the computation of best second order approximations of Boolean Functions ΕΤΗΣΙΑ ΕΚΘΕΣΗ 2010
Introduction Boolean functions 2nd order nonlinearity Summary ARXH PROSTASIAS_APOLOGISMOS 2010.indd 1 20/04/2011 12:54 ΜΜ On the computation of best second order approximations of Boolean Functions ΕΤΗΣΙΑ
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Authenticated Encryption Syntax Syntax: Enc: K M à C Dec: K C à M { } Correctness: For all k K, m M, Dec(k, Enc(k,m) ) = m Unforgeability
More informationThe Vigenère cipher is a stronger version of the Caesar cipher The encryption key is a word/sentence/random text ( and )
A Better Cipher The Vigenère cipher is a stronger version of the Caesar cipher The encryption key is a word/sentence/random text ( and ) To the first letter, add 1 To the second letter, add 14 To the third
More information