Cryptography Lecture 4 Block ciphers, DES, breaking DES
|
|
- Georgia Jocelin Bradley
- 6 years ago
- Views:
Transcription
1 Cryptography Lecture 4 Block ciphers, DES, breaking DES
2 Breaking a cipher Eavesdropper recieves n cryptograms created from n plaintexts in sequence, using the same key Redundancy exists in the messages There is always one n (the unicity distance) where only one value for the key recreates a possible plaintext, unless we use OTP Key Key Alice E k D k m c m Bob Eve
3 Defence against breaking a cipher through exhaustive search Change key often enough, so that unicity distance is not reached OTP Approximation of OTP: Stream ciphers Make sure there are too many possible keys for exhaustive search Single-letter substitution is not enough, even though there are 26! combinations Encrypt larger blocks (than one-, two-, or three-letter combinations) Key Key Alice + + m c m Bob Eve
4 Defence against breaking a cipher through exhaustive search Change key often enough, so that unicity distance is not reached OTP Approximation of OTP: Stream ciphers Make sure there are too many possible keys for exhaustive search Single-letter substitution is not enough, even though there are 26! combinations Encrypt larger blocks (than one-, two-, or three-letter combinations) Key Alice Block Block m cipher c cipher m Key Bob Eve
5 Substitution cipher m i Single letter L = 26 Single letter k from K K = 26! 2 88 k Permutation c i
6 Playfair m i Pair of letters L = 26 2 Key word k from K K < 26! 2 88 k Permutation c i
7 Generic block cipher m i n-bit blocks L = 2 n Key k from K K = (2 n )! k Permutation c i
8 Generic block cipher Too large Key k from K K = (2 n )! m i n-bit blocks L = 2 n k Permutation c i
9 Data Encryption Standard (1975) Key k from K K = 2 56 (2 64 )! m i 64-bit blocks L = 2 64 k Permutation c i
10 Block ciphers v. codes The same block with the same key always produces the same cryptogram, independent of its position in a sequence This is simple substitution on the block level An attacker could, in principle, create a table of all plaintext values and their corresponding cryptograms, one table for each key, and use this for cryptanalysis As defence, blocks and keys must be so large that there are too many values to list in the table
11 Block cipher criteria Diffusion If a plaintext character changes, several ciphertext characters should change. This is a basic demand on a block cipher, and ensures that the statistics used need to be block statistics (as opposed to letter statistics) Confusion Every bit of the ciphertext should depend on several bits in the key. This can be achieved by ensuring that the system is nonlinear
12 Diffusion: the avalanche effect A change in one bit in the input should propagate to many bits in the output The strict avalanche criterion A change in one bit in the input should change each output bit with probability 1 2 If this does not hold, an attacker can make predictions on the input, given only the output
13 Build the system from components Input L R + Output E(L) R Diffusion: A change in one bit in the input should change each output bit with probability 1 2 This is done by mixing the bits
14 Build the system from components Input L R + f Output E(L) R Diffusion: A change in one bit in the input should change each output bit with probability 1 2 This is done by mixing the bits
15 Build the system from components Input L R k + f Output E k (L) R Diffusion: A change in one bit in the input should change each output bit with probability 1 2 This is done by mixing the bits Use different functions depending on the key
16 Build the system from components Input L R k + f Output E k (L) R Diffusion: A change in one bit in the input should change each output bit with probability 1 2 This is done by mixing the bits Use different functions depending on the key Confusion is created by using a nonlinear f
17 Feistel network Input L 0 R 0 k 1 Round 1 + f L 1 R 1 k 2 Round 2 + f L 2 R 2
18 Feistel network Input L 0 R 0 k 1 Round 1 + f Substitution Permutation L 1 R 1 k 2 Round 2 + f L 2 R 2
19 DES Input IP L 0 R 0 k 1 Round 1 + f k 2 Round 2 + f (16 rounds). L 16 R 16 IP 1 Output
20 DES IP b 58 b 50 b 42 b 34 b 26 b 18 b 10 b 2 b 60 b 52 b 44 b 36 b 28 b 20 b 12 b 4 b 62 b 54 b 46 b 38 b 30 b 22 b 14 b 6 b 64 b 56 b 48 b 40 b 32 b 24 b 16 b 8 b 57 b 49 b 41 b 33 b 25 b 17 b 9 b 1 b 59 b 51 b 43 b 35 b 27 b 19 b 11 b 3 b 61 b 53 b 45 b 37 b 29 b 21 b 13 b 5 b 63 b 55 b 47 b 39 b 31 b 23 b 15 b 7
21 DES Input IP L 0 R 0 k 1 Round 1 + f k 2 Round 2 + f (16 rounds). L 16 R 16 IP 1 Output
22 DES R i k i f 6 bits 32 bits Expander 48 bits + S 1 S 2 S 3 S 4 S 5 S 6 S 7 S 8 4 bits Permutation 32 bits f (R i, k i )
23 DES Expander b 32 b 1 b 2 b 3 b 4 b 5 b 6 b 7 b 8 b 9 b 8 b 9 b 10 b 11 b 12 b 13 b 14 b 15 b 16 b 17 b 16 b 17 b 18 b 19 b 20 b 21 b 22 b 23 b 24 b 25 b 24 b 25 b 26 b 27 b 28 b 29 b 30 b 31 b 32 b 1 Permutation b 16 b 7 b 20 b 21 b 29 b 12 b 28 b 17 b 1 b 15 b 23 b 26 b 5 b 18 b 31 b 10 b 2 b 8 b 24 b 14 b 32 b 27 b 3 b 9 b 19 b 13 b 30 b 6 b 22 b 11 b 4 b 25
24 DES b 1 b 2 b 3 b 4 b 5 b 6 S row index: b 1 b 6, column index: b 2 b 3 b 4 b 5
25 DES R i k i f 6 bits 32 bits Expander 48 bits + S 1 S 2 S 3 S 4 S 5 S 6 S 7 S 8 4 bits Permutation 32 bits f (R i, k i )
26 DES Input IP L 0 R 0 k 1 Round 1 + f k 2 Round 2 + f (16 rounds). L 16 R 16 IP 1 Output
27 DES key schedule 56 bits Key Key-permutation Each key bit is used in (close to) 14 of 16 rounds C 0 D 0 Rotation Rotation C 1 D 1 Rotation Rotation Choice k 1 48 bits..
28 DES S row index: b 1 b 6, column index: b 2 b 3 b 4 b 5 There was a lot of controversy surrounding the S-box construction People were worried there were backdoors in the system But in the late eighties it was found that even small changes in the S-boxes gave a weaker system
29 DES After the (re-)discovery of differential cryptanalysis, in 1994 IBM published the construction criteria Each S-box has 6 input bits and four output bits (1970 s hardware limit) The S-boxes should not be linear functions, or even close to linear Each row of an S-box contains all numbers from 0 to 15 Two inputs that differ by 1 bit should give outputs that differ by at least 2 bits Two inputs that differ in the first 2 bits but are equal in the last 2 bits should give unequal outputs There are 32 pairs of inputs with a given XOR. No more than eight of the corresponding outputs should have equal XORs A similar criterion involving three S-boxes
30 DES After the (re-)discovery of differential cryptanalysis, in 1994 IBM published the construction criteria Each S-box has 6 input bits and four output bits (1970 s hardware limit) The S-boxes should not be linear functions, or even close to linear Each row of an S-box contains all numbers from 0 to 15 Two inputs that differ by 1 bit should give outputs that differ by at least 2 bits Two inputs that differ in the first 2 bits but are equal in the last 2 bits should give unequal outputs There are 32 pairs of inputs with a given XOR. No more than eight of the corresponding outputs should have equal XORs A similar criterion involving three S-boxes
31 Linearity A function f from is linear if f (ax + by) = a f (x) + b f (y) Example: f (t) = 7t is linear A (close to) linear system is much easier to analyse Therefore, you cannot use only simple mathematical functions
32 Linear cryptanalysis Make a linear approximation of the cipher This will have k as parameter Use many plaintext-ciphertext pairs to deduce which linear approximation is the best, and this will correspond to the most likely key Key Key Alice E k D k m c m Bob Eve
33 Prohibit linear cryptanalysis Examples: f (t) = 7t is linear but f (t) = (7t mod 8) in the ring of numbers mod 16 is nonlinear, because f (2) 2f (1): f (2) = (14 mod 8) = 6 2f (1) = 2(7 mod 8) = 14 of course f (t) = (7t mod 8) is linear in the ring of numbers mod 8
34 Prohibit linear analysis R i f 32 bits Expander k i 48 bits + 6 bits S 1 S 2 S 3 S 4 S 5 S 6 S 7 S 8 4 bits Permutation 32 bits f (R i, k i ) In DES, smaller blocks are used in each step, and are combined to create non-linearity with respect to the larger blocks The S-box itself is also chosen to be non-linear
35 Linear cryptanalysis of DES Make a linear approximation of the S-boxes Combine these into a linear approximation of the whole cipher This will have k as parameter Use many plaintext-ciphertext pairs to deduce which linear approximation is the best, and this will correspond to the most likely key Needs 2 43 plaintext-ciphertext pairs for DES
36 DES After the (re-)discovery of differential cryptanalysis, in 1994 IBM published the construction criteria Each S-box has 6 input bits and four output bits (1970 s hardware limit) The S-boxes should not be linear functions, or even close to linear Each row of an S-box contains all numbers from 0 to 15 Two inputs that differ by 1 bit should give outputs that differ by at least 2 bits Two inputs that differ in the first 2 bits but are equal in the last 2 bits should give unequal outputs There are 32 pairs of inputs with a given XOR. No more than eight of the corresponding outputs should have equal XORs A similar criterion involving three S-boxes
37 DES After the (re-)discovery of differential cryptanalysis, in 1994 IBM published the construction criteria Each S-box has 6 input bits and four output bits (1970 s hardware limit) The S-boxes should not be linear functions, or even close to linear Each row of an S-box contains all numbers from 0 to 15 Two inputs that differ by 1 bit should give outputs that differ by at least 2 bits Two inputs that differ in the first 2 bits but are equal in the last 2 bits should give unequal outputs There are 32 pairs of inputs with a given XOR. No more than eight of the corresponding outputs should have equal XORs A similar criterion involving three S-boxes
38 DES R i k i f 6 bits 32 bits Expander 48 bits + S 1 S 2 S 3 S 4 S 5 S 6 S 7 S 8 4 bits Permutation 32 bits f (R i, k i )
39 Simple(r) Encryption System R i f 6 bits Expander b 1 b 2 b 4 b 3 b 4 b 3 b 5 b 6 k i 8 bits + 4 bits S bits 6 bits S f (R i, k i )
40 A one-round Feistel network is trivial to break Input L 0 R 0 k 1 Round 1 + f L 1 R 1 A known-plaintext attack breaks the system, because then you know R 0 and f (R 0, k 1 ) = R 1 L 0, so you can find k 1
41 A one-round Feistel network is trivial to break Input L 0 R 0 k 1 Round 1 + f L 1 = R 0 R 1 = L 0 f (R 0, k 1 ) A known-plaintext attack breaks the system, because then you know R 0 and f (R 0, k 1 ) = R 1 L 0, so you can find k 1
42 Simple(r) Encryption System, example R i = f 6 bits Expander b 1 b 2 b 4 b 3 b 4 b 3 b 5 b 6 k i 8 bits + 4 bits S bits 6 bits S f (R i, k i ) =
43 Simple(r) Encryption System, example R i = f Expander b 1 b 2 b 4 b 3 b 4 b 3 b 5 b 6 k i k h i S k l i S f (R i, k i ) =
44 Simple(r) Encryption System, example R i = f Expander b 1 b 2 b 4 b 3 b 4 b 3 b 5 b 6 k i k h i S k l i S f (R i, k i ) =
45 A two-round Feistel network is trivial to break Input L 0 R 0 k 1 Round 1 + f Round 2 + f R 0 L 0 f (R 0, k 1 ) k 2 L 0 f (R 0, k 1 ) R 0 f (L 2, k 2 ) Use the same method twice: (R 0, f (R 0, l 1 ) = L 2 L 0 ); (L 2, f (L 2, k 2 ) = R 2 R 0 ). Now, the key schedule may rule out some combinations.
46 A three-round Feistel network is simple to break L 0 R 0 R 0 L 0 f (R 0, k 1 ) L 0 f (R 0, k 1 ) L 3 L 3 R 3 = L 0 f (R 0, k 1 ) f (L 3, k 3 ) Perform two known-plaintext attacks for L 0 R 0 and L 0 R 0 with R 0 = R 0. Then, the outputs have the relation R 3 R 3 = L 0 L 0 f (L 3, k 3 ) f (L 3, k 3 ) We have L 3 L 3 and f (L 3, k 3 ) f (L 3, k 3)
47 Simple(r) Encryption System, given XOR L 3 L 3 = f Expander b 1 b 2 b 4 b 3 b 4 b 3 b 5 b 6 k i E(L 3) E(L 3 ) = XOR: 1011 S XOR: 100 S f (L 3, k 3 ) f (L 3, k 3) =
48 Simple(r) Encryption System, given XOR k i f L 3 L 3 = E(L 3) E(L 3 ) = XOR: 1011 S XOR: 100 f (L 3, k 3 ) f (L 3, k 3) = E(L 3 ) k 3 E(L 3 ) k 3 Out XOR Expander b 1 b 2 b 4 b 3 b 4 b 3 b b S
49 Simple(r) Encryption System, given XOR k i f L 3 L 3 = E(L 3) E(L 3 ) = XOR: 1011 S XOR: 100 f (L 3, k 3 ) f (L 3, k 3) = E(L 3 ) k 3 E(L 3 ) k 3 Out XOR Expander b 1 b 2 b 4 b 3 b 4 b 3 b b S
50 Simple(r) Encryption System, given XOR k i f L 3 L 3 = E(L 3) E(L 3 ) = XOR: 1011 S XOR: 100 f (L 3, k 3 ) f (L 3, k 3) = E(L 3 ) k 3 E(L 3 ) k 3 Out XOR Expander b 1 b 2 b 4 b 3 b 4 b 3 b b S
51 A three-round Feistel network is simple to break L 0 R 0 R 0 L 0 f (R 0, k 1 ) L 0 f (R 0, k 1 ) L 3 L 3 R 3 = L 0 f (R 0, k 1 ) f (L 3, k 3 ) Choose R 0 = R 0 so that f (R 0, k 1 ) f (R 0, k 1) = 0. Then, we can calculate f (L 3, k 3 ) f (L 3, k 3)
52 A four-round Feistel network is more complicated to break L 0 R 0 L 1 R 1 R 1 L 1 f (R 1, k 2 ) L 1 f (R 1, k 2 ) L 4 = L 0 f (R 0, k 1 ) f (L 3, k 3 ) L 4 R 4 = L 1 f (R 1, k 2 ) f (L 4, k 4 ) Here, if we can guess f (R 1, k 2 ) f (R 1, k 2) (even if it is 0), we can calculate f (L 4, k 4 ) f (L 4, k 4)
53 Simple(r) Encryption System, given XOR R 1 R 1 = f Expander b 1 b 2 b 4 b 3 b 4 b 3 b 5 b 6 k i E(R 1) E(R1 ) = XOR: 0011 S XOR:? S f (R 1, k 2 ) f (R 1, k 2) =?
54 Simple(r) Encryption System, given XOR k i f R 1 R 1 = E(R 1) E(R1 ) = XOR: 0011 S XOR:? f (R 1, k 2 ) f (R 1, k 2) =? E(R 1 ) k 2 E(R 1 ) k 2 Out XOR Expander b 1 b 2 b 4 b 3 b 4 b 3 b b S
55 Simple(r) Encryption System, given XOR k i f R 1 R 1 = E(R 1) E(R1 ) = XOR: 0011 S XOR:? f (R 1, k 2 ) f (R 1, k 2) =? E(R 1 ) k 2 E(R 1 ) k 2 Out XOR Expander b 1 b 2 b 4 b 3 b 4 b 3 b b S Warning!
56 A four-round Feistel network is more complicated to break L 0 R 0 L 1 R 1 R 1 L 1 f (R 1, k 2 ) L 1 f (R 1, k 2 ) L 4 = L 0 f (R 0, k 1 ) f (L 3, k 3 ) L 4 R 4 = L 1 f (R 1, k 2 ) f (L 4, k 4 ) Here, if we can guess f (R 1, k 2 ) f (R 1, k 2) (even if it is 0), we can calculate f (L 4, k 4 ) f (L 4, k 4) Take random input pairs, and use the most likely output XOR to deduce the most likely k 4
57 DES The seemingly strange criterion is to prohibit differential cryptanalysis There are 32 pairs of inputs with a given XOR. No more than eight of the corresponding outputs should have equal XORs The designers knew about differential cryptanalysis Still, it works on DES, and breaks 15-round DES faster than exhaustive search (16-round DES requires 2 47 chosen plaintexts pairs)
58 Computational cost of breaking DES DES was standardized 1975, and already 1977 there was an estimate that a machine to break it would cost $20M (1977 dollars) DES was recertified in 1992 despite growing concerns One can use distributed computing, specialized hardware, or nowadays, cheap FPGAs In the DES challenge in 1997 the key was found in five months (distributed computation) having searched 25% of the key space (1998: 39 days, 85%) 1998: EFF DES cracker, parallelized, $200k, 4.5 days (on average)
59 Key length Table 7.1: Minimum symmetric key-size in bits for various attackers. Attacker Budget Hardware Min security Hacker 0 PC 58 < $400 PC(s)/FPGA 63 0 Malware 77 Small organization $10k PC(s)/FPGA 69 Medium organization $300k FPGA/ASIC 69 Large organization $10M FPGA/ASIC 78 Intelligence agency $300M ASIC 84 From ECRYPT II Yearly Report on Algorithms and Keysizes ( )
60 Key length Table 7.1: Minimum symmetric key-size in bits for various attackers Attacker Budget Hardware Min security (1996) Hacker 0 PC < $400 PC(s)/FPGA Malware 77 Small organization $10k PC(s)/FPGA Medium organization $300k FPGA/ASIC Large organization $10M FPGA/ASIC Intelligence agency $300M ASIC From ECRYPT II Yearly Report on Algorithms and Keysizes ( )
61 Key length Table 7.4: Security levels (symmetric equivalent) Security Protection Comment (bits) 32 Real-time, individuals Only auth. tag size 64 Very short-term, small org Not for confidentiality in new systems 72 Short-term, medium org Medium-term, small org 80 Very short-term, agencies Smallest general-purpose Long-term, small org < 4 years protection (E.g., use of 2-key 3DES, < 2 40 plaintext/ciphertexts) 96 Legacy standard level 2-key 3DES restricted to 10 6 plaintext/ciphertexts, 10 years protection 112 Medium-term protection 20 years protection (E.g., 3-key 3DES) 128 Long-term protection Good, generic application-indep. Recommendation, 30 years 256 Foreseeable future Good protection against quantum computers unless Shor s algorithm applies. From ECRYPT II Yearly Report on Algorithms and Keysizes ( )
62 Double DES k 1 k 2 Cleartext DES DES Cryptotext E k2 ( Ek1 (m) ) E k3 (m) Encrypt repeatedly with the keys consisting of all 0s and all 1s. The smallest n such that (E 0 E 1 ) n (m) = m is called the cycle length. If DES is a group, then n < 2 56 Lemma: the smallest integer N such that (E 0 E 1 ) N (m) = m for all m contains all individual cycles as factors An example has been found where the cycle lengths of 33 messages has the least common multiple of
63 Meet-in-the-middle attacks A meet-in-the-middle attack is a known plaintext attack Make a list of all 2 56 possible (single-des) encryptions of the plaintext, and of all 2 56 (single-des) decryptions of the ciphertext Match the two lists. The key(s) that give the same middle value is (are) the key (candidates) Attack is of complexity 2 57
64 Triple DES Cleartext k 1 k 2 k 3 E k1 E k2 E k3 Cryptotext More common: Cleartext k 1 k 2 k 3 E k1 D k2 E k3 Cryptotext Breaking three-key triple DES has a complexity of 2 112
65 Key length Table 7.4: Security levels (symmetric equivalent) Security Protection Comment (bits) 32 Real-time, individuals Only auth. tag size 64 Very short-term, small org Not for confidentiality in new systems 72 Short-term, medium org Medium-term, small org 80 Very short-term, agencies Smallest general-purpose Long-term, small org < 4 years protection (E.g., use of 2-key 3DES, < 2 40 plaintext/ciphertexts) 96 Legacy standard level 2-key 3DES restricted to 10 6 plaintext/ciphertexts, 10 years protection 112 Medium-term protection 20 years protection (E.g., 3-key 3DES) 128 Long-term protection Good, generic application-indep. Recommendation, 30 years 256 Foreseeable future Good protection against quantum computers unless Shor s algorithm applies. From ECRYPT II Yearly Report on Algorithms and Keysizes ( )
66 Next lecture AES Mathematics: intro to finite fields Modes of operation Message Authentication Codes, MACs
Attacks on DES , K 2. ) L 3 = R 2 = L 1 f ( R 1, K 2 ) R 4 R 2. f (R 1 = L 1 ) = L 1. ) f ( R 3 , K 4. f (R 3 = L 3
Attacks on DES 1 Attacks on DES Differential cryptanalysis is an attack on DES that compares the differences (that is, XOR values between ciphertexts of certain chosen plaintexts to discover information
More informationLecture 12: Block ciphers
Lecture 12: Block ciphers Thomas Johansson T. Johansson (Lund University) 1 / 19 Block ciphers A block cipher encrypts a block of plaintext bits x to a block of ciphertext bits y. The transformation is
More informationMATH3302 Cryptography Problem Set 2
MATH3302 Cryptography Problem Set 2 These questions are based on the material in Section 4: Shannon s Theory, Section 5: Modern Cryptography, Section 6: The Data Encryption Standard, Section 7: International
More informationClassical Cryptography
Classical Cryptography CSG 252 Fall 2006 Riccardo Pucella Goals of Cryptography Alice wants to send message X to Bob Oscar is on the wire, listening to communications Alice and Bob share a key K Alice
More informationModule 2 Advanced Symmetric Ciphers
Module 2 Advanced Symmetric Ciphers Dr. Natarajan Meghanathan Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu Data Encryption Standard (DES) The DES algorithm
More informationLecture 4: DES and block ciphers
Lecture 4: DES and block ciphers Johan Håstad, transcribed by Ernir Erlingsson 2006-01-25 1 DES DES is a 64 bit block cipher with a 56 bit key. It selects a 64 bit block and modifies it depending on the
More informationSolution of Exercise Sheet 7
saarland Foundations of Cybersecurity (Winter 16/17) Prof. Dr. Michael Backes CISPA / Saarland University university computer science Solution of Exercise Sheet 7 1 Variants of Modes of Operation Let (K,
More informationLecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography
CS 7880 Graduate Cryptography September 10, 2015 Lecture 1: Perfect Secrecy and Statistical Authentication Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Definition of perfect secrecy One-time
More informationStream ciphers. Pawel Wocjan. Department of Electrical Engineering & Computer Science University of Central Florida
Stream ciphers Pawel Wocjan Department of Electrical Engineering & Computer Science University of Central Florida wocjan@eecs.ucf.edu Definition of block ciphers Block ciphers: crypto work horse n bits
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Appendix A: Symmetric Techniques Block Ciphers A block cipher f of block-size
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationIntroduction on Block cipher Yoyo Game Application on AES Conclusion. Yoyo Game with AES. Navid Ghaedi Bardeh. University of Bergen.
Yoyo Game with AES Navid Ghaedi Bardeh University of Bergen May 8, 2018 1 / 33 Outline 1 Introduction on Block cipher 2 Yoyo Game 3 Application on AES 4 Conclusion 2 / 33 Classical Model of Symmetric Cryptography
More informationIntroduction. CSC/ECE 574 Computer and Network Security. Outline. Introductory Remarks Feistel Cipher DES AES
CSC/ECE 574 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms CSC/ECE 574 Dr. Peng Ning 1 Outline Introductory Remarks Feistel Cipher DES AES CSC/ECE 574 Dr. Peng Ning 2 Introduction
More informationImproved Impossible Differential Cryptanalysis of Rijndael and Crypton
Improved Impossible Differential Cryptanalysis of Rijndael and Crypton Jung Hee Cheon 1, MunJu Kim 2, Kwangjo Kim 1, Jung-Yeun Lee 1, and SungWoo Kang 3 1 IRIS, Information and Communications University,
More informationAlternative Approaches: Bounded Storage Model
Alternative Approaches: Bounded Storage Model A. Würfl 17th April 2005 1 Motivation Description of the Randomized Cipher 2 Motivation Motivation Description of the Randomized Cipher Common practice in
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University February 5 2018 Review Relation between PRF and PRG Construct PRF from
More informationBlock Ciphers and Feistel cipher
introduction Lecture (07) Block Ciphers and cipher Dr. Ahmed M. ElShafee Modern block ciphers are widely used to provide encryption of quantities of information, and/or a cryptographic checksum to ensure
More informationBlock ciphers. Block ciphers. Data Encryption Standard (DES) DES: encryption circuit
Block ciphers Block ciphers Myrto Arapinis School o Inormatics University o Edinburgh January 22, 2015 A block cipher with parameters k and l is a pair o deterministic algorithms (E, D) such that Encryption
More informationSolutions to the Midterm Test (March 5, 2011)
MATC16 Cryptography and Coding Theory Gábor Pete University of Toronto Scarborough Solutions to the Midterm Test (March 5, 2011) YOUR NAME: DO NOT OPEN THIS BOOKLET UNTIL INSTRUCTED TO DO SO. INSTRUCTIONS:
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 3 January 22, 2013 CPSC 467b, Lecture 3 1/35 Perfect secrecy Caesar cipher Loss of perfection Classical ciphers One-time pad Affine
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 08 Shannon s Theory (Contd.)
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 9: Encryption modes. AES
CS355: Cryptography Lecture 9: Encryption modes. AES Encryption modes: ECB } Message is broken into independent blocks of block_size bits; } Electronic Code Book (ECB): each block encrypted separately.
More informationSymmetric Crypto Systems
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Symmetric Crypto Systems EECE 412 Copyright 2004-2008 Konstantin Beznosov 09/16/08 Module Outline Stream ciphers under the hood Block ciphers
More informationCryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev
Cryptography Lecture 2: Perfect Secrecy and its Limitations Gil Segev Last Week Symmetric-key encryption (KeyGen, Enc, Dec) Historical ciphers that are completely broken The basic principles of modern
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationMenu. Lecture 5: DES Use and Analysis. DES Structure Plaintext Initial Permutation. DES s F. S-Boxes 48 bits Expansion/Permutation
Lecture : Use and nalysis Menu Today s manifest: on line only Review Modes of Operation ttacks CS: Security and rivacy University of Virginia Computer Science David Evans http://www.cs.virginia.edu/~evans
More informationBLOCK CIPHERS KEY-RECOVERY SECURITY
BLOCK CIPHERS and KEY-RECOVERY SECURITY Mihir Bellare UCSD 1 Notation Mihir Bellare UCSD 2 Notation {0, 1} n is the set of n-bit strings and {0, 1} is the set of all strings of finite length. By ε we denote
More informationJay Daigle Occidental College Math 401: Cryptology
3 Block Ciphers Every encryption method we ve studied so far has been a substitution cipher: that is, each letter is replaced by exactly one other letter. In fact, we ve studied stream ciphers, which produce
More informationExercise Sheet Cryptography 1, 2011
Cryptography 1 http://www.cs.ut.ee/~unruh/crypto1-11/ Exercise Sheet Cryptography 1, 2011 Exercise 1 DES The Data Encryption Standard (DES) is a very famous and widely used block cipher. It maps 64-bit
More informationDivision Property: a New Attack Against Block Ciphers
Division Property: a New Attack Against Block Ciphers Christina Boura (joint on-going work with Anne Canteaut) Séminaire du groupe Algèbre et Géometrie, LMV November 24, 2015 1 / 50 Symmetric-key encryption
More informationLecture Notes. Advanced Discrete Structures COT S
Lecture Notes Advanced Discrete Structures COT 4115.001 S15 2015-01-27 Recap ADFGX Cipher Block Cipher Modes of Operation Hill Cipher Inverting a Matrix (mod n) Encryption: Hill Cipher Example Multiple
More information7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 7 Cryptanalysis Cryptanalysis Attacks such as exhaustive key-search do not exploit any properties of the encryption algorithm or implementation. Structural attacks
More informationSolution to Midterm Examination
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Handout #13 Xueyuan Su November 4, 2008 Instructions: Solution to Midterm Examination This is a closed book
More informationTHE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018
THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018 CPSC 418/MATH 318 L01 October 17, 2018 Time: 50 minutes
More informationDD2448 Foundations of Cryptography Lecture 3
DD2448 Foundations of Cryptography Lecture 3 Douglas Wikström KTH Royal Institute of Technology dog@kth.se February 3, 2016 Linear Cryptanalysis of the SPN Basic Idea Linearize Find an expression of the
More informationOn the Design of Trivium
On the Design of Trivium Yun Tian, Gongliang Chen, Jianhua Li School of Information Security Engineering, Shanghai Jiaotong University, China ruth tian@sjtu.edu.cn, chengl@sjtu.edu.cn, lijh888@sjtu.edu.cn
More informationStream ciphers I. Thomas Johansson. May 16, Dept. of EIT, Lund University, P.O. Box 118, Lund, Sweden
Dept. of EIT, Lund University, P.O. Box 118, 221 00 Lund, Sweden thomas@eit.lth.se May 16, 2011 Outline: Introduction to stream ciphers Distinguishers Basic constructions of distinguishers Various types
More informationChapter 2. A Look Back. 2.1 Substitution ciphers
Chapter 2 A Look Back In this chapter we take a quick look at some classical encryption techniques, illustrating their weakness and using these examples to initiate questions about how to define privacy.
More information18733: Applied Cryptography Anupam Datta (CMU) Block ciphers. Dan Boneh
18733: Applied Cryptography Anupam Datta (CMU) Block ciphers Online Cryptography Course What is a block cipher? Block ciphers: crypto work horse n bits PT Block n bits E, D CT Block Key k bits Canonical
More informationCryptography 2017 Lecture 2
Cryptography 2017 Lecture 2 One Time Pad - Perfect Secrecy Stream Ciphers November 3, 2017 1 / 39 What have seen? What are we discussing today? Lecture 1 Course Intro Historical Ciphers Lecture 2 One Time
More informationModified Hill Cipher for a Large Block of Plaintext with Interlacing and Iteration
Journal of Computer Science 4 (1): 15-20, 2008 ISSN 1549-3636 2008 Science Publications Modified Hill Cipher for a Large Block of Plaintext with Interlacing and Iteration V.U.K. Sastry and N. Ravi Shankar
More informationExtended Criterion for Absence of Fixed Points
Extended Criterion for Absence of Fixed Points Oleksandr Kazymyrov, Valentyna Kazymyrova Abstract One of the criteria for substitutions used in block ciphers is the absence of fixed points. In this paper
More informationFinal Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.
Final Exam Math 10: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 0 April 2002 :0 11:00 a.m. Instructions: Please be as neat as possible (use a pencil), and show
More informationSolutions for week 1, Cryptography Course - TDA 352/DIT 250
Solutions for week, Cryptography Course - TDA 352/DIT 250 In this weekly exercise sheet: you will use some historical ciphers, the OTP, the definition of semantic security and some combinatorial problems.
More informationK Anup Kumar et al,int.j.comp.tech.appl,vol 3 (1), 23-31
K Anup Kumar et al,int.j.comp.tech.appl,vol 3 (1), 23-31 A Modified Feistel Cipher involving a key as a multiplicant on both the sides of the Plaintext matrix and supplemented with Mixing Permutation and
More informationThe Artin-Feistel Symmetric Cipher
The Artin-Feistel Symmetric Cipher May 23, 2012 I. Anshel, D. Goldfeld. Introduction. The Feistel cipher and the Braid Group The main aim of this paper is to introduce a new symmetric cipher, which we
More informationCODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.
CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES A selection of the following questions will be chosen by the lecturer to form the Cryptology Assignment. The Cryptology Assignment is due by 5pm Sunday 1
More information5. Classical Cryptographic Techniques from modular arithmetic perspective
. Classical Cryptographic Techniques from modular arithmetic perspective By classical cryptography we mean methods of encipherment that have been used from antiquity through the middle of the twentieth
More informationImplementation Tutorial on RSA
Implementation Tutorial on Maciek Adamczyk; m adamczyk@umail.ucsb.edu Marianne Magnussen; mariannemagnussen@umail.ucsb.edu Adamczyk and Magnussen Spring 2018 1 / 13 Overview Implementation Tutorial Introduction
More informationAkelarre. Akelarre 1
Akelarre Akelarre 1 Akelarre Block cipher Combines features of 2 strong ciphers o IDEA mixed mode arithmetic o RC5 keyed rotations Goal is a more efficient strong cipher Proposed in 1996, broken within
More informationA Block Cipher using an Iterative Method involving a Permutation
Journal of Discrete Mathematical Sciences & Cryptography Vol. 18 (015), No. 3, pp. 75 9 DOI : 10.1080/097059.014.96853 A Block Cipher using an Iterative Method involving a Permutation Lakshmi Bhavani Madhuri
More informationPermutation Generators Based on Unbalanced Feistel Network: Analysis of the Conditions of Pseudorandomness 1
Permutation Generators Based on Unbalanced Feistel Network: Analysis of the Conditions of Pseudorandomness 1 Kwangsu Lee A Thesis for the Degree of Master of Science Division of Computer Science, Department
More informationWinter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2
0368.3049.01 Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod Assignment #2 Published Sunday, February 17, 2008 and very slightly revised Feb. 18. Due Tues., March 4, in Rani Hod
More informationA Large Block Cipher using an Iterative Method and the Modular Arithmetic Inverse of a key Matrix
A Large Block Cipher using an Iterative Method and the Modular Arithmetic Inverse of a key Matrix S. Udaya Kumar V. U. K. Sastry A. Vinaya babu Abstract In this paper, we have developed a block cipher
More informationType 1.x Generalized Feistel Structures
Noname manuscript No. (will be inserted by the editor) Type 1.x Generalized eistel Structures Shingo Yanagihara Tetsu Iwata Received: date / Accepted: date Abstract We formalize the Type 1.x Generalized
More informationStructural Cryptanalysis of SASAS
tructural Cryptanalysis of AA Alex Biryukov and Adi hamir Computer cience department The Weizmann Institute Rehovot 76100, Israel. Abstract. In this paper we consider the security of block ciphers which
More informationCHAPTER 5 A BLOCK CIPHER INVOLVING A KEY APPLIED ON BOTH THE SIDES OF THE PLAINTEXT
82 CHAPTER 5 A BLOCK CIPHER INVOLVING A KEY APPLIED ON BOTH THE SIDES OF THE PLAINTEXT 83 5.1 Introduction In a pioneering paper, Hill [5] developed a block cipher by using the modular arithmetic inverse
More informationHow Fast can be Algebraic Attacks on Block Ciphers?
How Fast can be Algebraic Attacks on Block Ciphers? Nicolas T. Courtois Axalto mart Cards, 36-38 rue de la Princesse BP 45, 78430 Louveciennes Cedex, France http://www.nicolascourtois.net courtois@minrank.org
More information18733: Applied Cryptography Anupam Datta (CMU) Block ciphers. Dan Boneh
18733: Applied Cryptography Anupam Datta (CMU) Block ciphers Online Cryptography Course What is a block cipher? Block ciphers: crypto work horse n bits PT Block n bits E, D CT Block Key k bits Canonical
More informationSymmetric Crypto Systems
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Symmetric Crypto Systems EECE 412 Copyright 2004-2012 Konstantin Beznosov 1 Module Outline! Stream ciphers under the hood Block ciphers under
More informationDifferential Attack on Five Rounds of the SC2000 Block Cipher
Differential Attack on Five Rounds of the SC2 Block Cipher Jiqiang Lu Department of Mathematics and Computer Science, Eindhoven University of Technology, 56 MB Eindhoven, The Netherlands lvjiqiang@hotmail.com
More informationECS 189A Final Cryptography Spring 2011
ECS 127: Cryptography Handout F UC Davis Phillip Rogaway June 9, 2011 ECS 189A Final Cryptography Spring 2011 Hints for success: Good luck on the exam. I don t think it s all that hard (I do believe I
More informationLattices. A Lattice is a discrete subgroup of the additive group of n-dimensional space R n.
Lattices A Lattice is a discrete subgroup of the additive group of n-dimensional space R n. Lattices have many uses in cryptography. They may be used to define cryptosystems and to break other ciphers.
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More information(Solution to Odd-Numbered Problems) Number of rounds. rounds
CHAPTER 7 AES (Solution to Odd-Numbered Problems) Review Questions. The criteria defined by NIST for selecting AES fall into three areas: security, cost, and implementation. 3. The number of round keys
More informationfunctions. E.G.BARDIS*, N.G.BARDIS*, A.P.MARKOVSKI*, A.K.SPYROPOULOS**
Security Analysis of Cryptographic Algorithms by means of Boolean Functions E.G.BARDIS*, N.G.BARDIS*, A.P.MARKOVSKI*, A.K.SPYROPOULOS** * Department of Computer Science National Technical University of
More informationThe Hash Function JH 1
The Hash Function JH 1 16 January, 2011 Hongjun Wu 2,3 wuhongjun@gmail.com 1 The design of JH is tweaked in this report. The round number of JH is changed from 35.5 to 42. This new version may be referred
More informationTruncated differential cryptanalysis of five rounds of Salsa20
Truncated differential cryptanalysis of five rounds of Salsa20 Paul Crowley 17th October 2005 Abstract We present an attack on Salsa20 reduced to five of its twenty rounds. This attack uses many clusters
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationBlock Ciphers. Chester Rebeiro IIT Madras. STINSON : chapters 3
Block Ciphers Chester Rebeiro IIT Madras STINSON : chapters 3 Block Cipher K E K D Alice untrusted communication link E #%AR3Xf34^$ message encryption (ciphertext) Attack at Dawn!! D decryption Bob Attack
More informationCodes and Cryptography. Jorge L. Villar. MAMME, Fall 2015 PART XII
Codes and Cryptography MAMME, Fall 2015 PART XII Outline 1 Symmetric Encryption (II) 2 Construction Strategies Construction Strategies Stream ciphers: For arbitrarily long messages (e.g., data streams).
More informationModified Hill Cipher with Interlacing and Iteration
Journal of Computer Science 3 (11): 854-859, 2007 ISSN 1549-3636 2007 Science Publications Modified Hill Cipher with Interlacing and Iteration 1 V.U.K. Sastry and 2 N. Ravi Shankar 1 Department of R and
More informationChosen Plaintext Attacks (CPA)
Chosen Plaintext Attacks (CPA) Goals New Attacks! Chosen Plaintext Attacks (often CPA) is when Eve can choose to see some messages encoded. Formally she has Black Box for ENC k. We will: 1. Define Chosen
More informationCSCI3381-Cryptography
CSCI3381-Cryptography Lecture 2: Classical Cryptosystems September 3, 2014 This describes some cryptographic systems in use before the advent of computers. All of these methods are quite insecure, from
More informationCryptography CS 555. Topic 2: Evolution of Classical Cryptography CS555. Topic 2 1
Cryptography CS 555 Topic 2: Evolution of Classical Cryptography Topic 2 1 Lecture Outline Basics of probability Vigenere cipher. Attacks on Vigenere: Kasisky Test and Index of Coincidence Cipher machines:
More informationCryptography: A Fairy Tale for Mathematicians and Starring Mathematicians!
Cryptography: A Fairy Tale for Mathematicians and Starring Mathematicians! University of California, Berkeley Mathematics Undergraduate Student Association October 27, 2014 Why Crypto? So why on earth
More informationmonoalphabetic cryptanalysis Character Frequencies (English) Security in Computing Common English Digrams and Trigrams Chapter 2
Common English Digrams and Trigrams Digrams EN RE ER NT TH ON IN TF AN OR Trigrams ENT ION AND ING IVE TIO FOR OUR THI ONE monoalphabetic cryptanalysis See class example Pfleeger, Security in Computing,
More informationNumber theory (Chapter 4)
EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?
More informationCryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups
Great Theoretical Ideas in CS V. Adamchik CS 15-251 Upcoming Interview? Lecture 24 Carnegie Mellon University Cryptography and RSA How the World's Smartest Company Selects the Most Creative Thinkers Groups
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More informationBlock Cipher Cryptanalysis: An Overview
0/52 Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata 17 th May, 2017 0/52 Outline Iterated Block Cipher 1 Iterated Block Cipher 2 S-Boxes 3 A Basic Substitution
More informationLecture 5: Pseudorandom functions from pseudorandom generators
Lecture 5: Pseudorandom functions from pseudorandom generators Boaz Barak We have seen that PRF s (pseudorandom functions) are extremely useful, and we ll see some more applications of them later on. But
More informationMATH 509 Differential Cryptanalysis on DES
MATH 509 on DES Department of Mathematics, Boise State University Spring 2012 MATH 509 on DES MATH 509 on DES Feistel Round Function for DES MATH 509 on DES 1977: DES is approved as a standard. 1 1 Designers:
More informationPart (02) Modem Encryption techniques
Part (02) Modem Encryption techniques Dr. Ahmed M. ElShafee 1 Block Ciphers and Feistel cipher Dr. Ahmed M. ElShafee 2 introduction Modern block ciphers are widely used to provide encryption of quantities
More informationIntroduction to Cryptology. Lecture 2
Introduction to Cryptology Lecture 2 Announcements 2 nd vs. 1 st edition of textbook HW1 due Tuesday 2/9 Readings/quizzes (on Canvas) due Friday 2/12 Agenda Last time Historical ciphers and their cryptanalysis
More informationSymmetric Ciphers. Mahalingam Ramkumar (Sections 3.2, 3.3, 3.7 and 6.5)
Symmetric Ciphers Mahalingam Ramkumar (Sections 3.2, 3.3, 3.7 and 6.5) Symmetric Cryptography C = E(P,K) P = D(C,K) Requirements Given C, the only way to obtain P should be with the knowledge of K Any
More informationAlgebraic Aspects of Symmetric-key Cryptography
Algebraic Aspects of Symmetric-key Cryptography Carlos Cid (carlos.cid@rhul.ac.uk) Information Security Group Royal Holloway, University of London 04.May.2007 ECRYPT Summer School 1 Algebraic Techniques
More informationDan Boneh. Stream ciphers. The One Time Pad
Online Cryptography Course Stream ciphers The One Time Pad Symmetric Ciphers: definition Def: a cipher defined over is a pair of efficient algs (E, D) where E is often randomized. D is always deterministic.
More informationBiomedical Security. Overview 9/15/2017. Erwin M. Bakker
Biomedical Security Erwin M. Bakker Overview Cryptography: Algorithms Cryptography: Protocols Pretty Good Privacy (PGP) / B. Schneier Workshop Biomedical Security Biomedical Application Security (guest
More informationPerfectly-Secret Encryption
Perfectly-Secret Encryption CSE 5351: Introduction to Cryptography Reading assignment: Read Chapter 2 You may sip proofs, but are encouraged to read some of them. 1 Outline Definition of encryption schemes
More informationEXAM IN. TDA352 (Chalmers) - DIT250 (GU) 18 January 2019, 08:
CHALMERS GÖTEBORGS UNIVERSITET EXAM IN CRYPTOGRAPHY TDA352 (Chalmers) - DIT250 (GU) 18 January 2019, 08:30 12.30 Tillåtna hjälpmedel: Typgodkänd räknare. Annan minnestömd räknare får användas efter godkännande
More informationSTREAM CIPHER. Chapter - 3
STREAM CIPHER Chapter - 3 S t r e a m C i p h e r P a g e 38 S t r e a m C i p h e r P a g e 39 STREAM CIPHERS Stream cipher is a class of symmetric key algorithm that operates on individual bits or bytes.
More informationPublic Key Encryption
Public Key Encryption KG October 17, 2017 Contents 1 Introduction 1 2 Public Key Encryption 2 3 Schemes Based on Diffie-Hellman 3 3.1 ElGamal.................................... 5 4 RSA 7 4.1 Preliminaries.................................
More informationDan Boneh. Introduction. Course Overview
Online Cryptography Course Introduction Course Overview Welcome Course objectives: Learn how crypto primitives work Learn how to use them correctly and reason about security My recommendations: Take notes
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationOutline. 1 Arithmetic on Bytes and 4-Byte Vectors. 2 The Rijndael Algorithm. 3 AES Key Schedule and Decryption. 4 Strengths and Weaknesses of Rijndael
Outline CPSC 418/MATH 318 Introduction to Cryptography Advanced Encryption Standard Renate Scheidler Department of Mathematics & Statistics Department of Computer Science University of Calgary Based in
More informationA block cipher enciphers each block with the same key.
Ciphers are classified as block or stream ciphers. All ciphers split long messages into blocks and encipher each block separately. Block sizes range from one bit to thousands of bits per block. A block
More informationProblem 1. k zero bits. n bits. Block Cipher. Block Cipher. Block Cipher. Block Cipher. removed
Problem 1 n bits k zero bits IV Block Block Block Block removed January 27, 2011 Practical Aspects of Modern Cryptography 2 Problem 1 IV Inverse Inverse Inverse Inverse Missing bits January 27, 2011 Practical
More information