Introduction. Outline. CSC/ECE 574 Computer and Network Security. Secret Keys or Secret Algorithms? Secrets? (Cont d) Secret Key Cryptography
|
|
- Juliana Gray
- 6 years ago
- Views:
Transcription
1 Outline CSC/ECE 574 Computer and Network Security Introductory Remarks Feistel Cipher DES AES Topic 3.1 Secret Key Cryptography Algorithms CSC/ECE 574 Dr. Peng Ning 1 CSC/ECE 574 Dr. Peng Ning 2 Secret Keys or Secret Algorithms? Introduction Security by obscurity hide the details o the algorithms drawback: hard to keep secret i cipher is used widely, or implementation can be reverse engineered Alternative: publish the algorithms ewer vulnerabilities will result i many smart people try and ail to break the cipher security o the cipher depends on the secrecy o the keys, instead CSC/ECE 574 Dr. Peng Ning 3 CSC/ECE 574 Dr. Peng Ning 4 Secrets? (Cont d) Secret Key Cryptography Commercial world relies upon standardized, public algorithms, and secret keys Government tends to also rely on secret algorithms plaintext Encryption ciphertext key Decryption plaintext Same key is used or both encryption and decryption this one key is shared by two parties who wish to communicate securly Also known as symmetric key cryptography, or shared key cryptography CSC/ECE 574 Dr. Peng Ning 5 CSC/ECE 574 Dr. Peng Ning 6
2 Applications o Secret Key Crypto Communicating securely over an insecure channel Alice encrypts using shared key Bob decrypts result using same shared key Secure storage on insecure media Bob encrypts data beore storage Bob decrypts data on retrieval using the same key Applications (Cont d) Message integrity Alice computes a message integrity code (MIC) rom the message, then encrypts with shared key Bob decrypts the MIC on receipt, and veriies that it agrees with message contents Authentication Bob can veriy Alice sent the message how is that possible? CSC/ECE 574 Dr. Peng Ning 7 CSC/ECE 574 Dr. Peng Ning 8 Generic Block Encryption Converts one input plaintext block o ixed size k bits to an output ciphertext block also o k bits Beneits o large k? o short k? plaintext key ciphertext block 0 block 1 block 2 Encryption block 0 block 1 block 2 Key Sizes Keys should be selected rom a large potential set, to prevent brute orce attacks Secret key sizes 40 bits were considered adequate in 70 s 56 bits used by DES were adequate in the 80 s 128 bits are adequate or now I computers increase in power by 40% per year, need roughly 5 more key bits per decade to stay suiciently hard to break CSC/ECE 574 Dr. Peng Ning 9 CSC/ECE 574 Dr. Peng Ning 10 Notation Two Principles or Cipher Design Notation X Y X Y K{m} Meaning Bit-wise exclusive-or o X and Y Concatenation o X and Y Message m encrypted with secret key K Conusion: Make the relationship between the <plaintext, key> input and the <ciphertext> output as complex (nonlinear) as possible Diusion: Spread the inluence o each input bit across many output bits CSC/ECE 574 Dr. Peng Ning 11 CSC/ECE 574 Dr. Peng Ning 12
3 Exploiting the Principles Idea: use multiple, alternating permutations and substitutions, e.g., S P S P S P S P S P Do they have to alternate? e.g. S S S P P P S S?? Conusion is mainly accomplished by substitutions Diusion is mainly accomplished by permutations Example ciphers: DES, AES Secret Key (Cont d) Basic technique used in secret key ciphers: multiple applications o alternating substitutions and permutations plaintext S P S P S ciphertext key Well-known examples: DES, AES CSC/ECE 574 Dr. Peng Ning 13 CSC/ECE 574 Dr. Peng Ning 14 Basic Form o Modern Block Ciphers Plaintext block Preprocessing Rounds o Encryption i=1,2,,n Postprocessing Key Sub-Key Generation Sub-Key #1 Sub-Key #2 Sub-Key #3 Sub-Key #n Feistel Ciphers Ciphertext block CSC/ECE 574 Dr. Peng Ning 15 CSC/ECE 574 Dr. Peng Ning 16 Overview One Round o Feistel Encryption Feistel Cipher has been a very inluential template or designing a block cipher Major beneit: can do encryption and decryption with the same hardware Examples: DES, RC5 1. Break input block i into let and right halves L i and R i 2. Copy R i to create output hal block L i+1 3. Hal block R i and key K i are scrambled by unction 4. XOR result with input hal-block L i to create output hal-block R i+1 L i Input block i R i L i+1 R i+1 Output block i+1 K i CSC/ECE 574 Dr. Peng Ning 17 CSC/ECE 574 Dr. Peng Ning 18
4 One Round o Feistel Decryption Just reverse the arrows! Output block i+1 L i R i Complete Feistel Cipher: Encryption Plaintext (2w bits) L 0 R 0 K 1 K i Round i K 2 Round n L 2 R 2 K n L i+1 R i+1 Input block i note this inal swap! L n R n L n+1 R n+1 CSC/ECE 574 Dr. Peng Ning 19 Ciphertext CSC/ECE 574 (2w bits) Dr. Peng Ning 20 Feistel Cipher: Decryption Round i Ciphertext (2w bits) L 0 R 0 L 2 R 2 K n K n-1 Parameters o a Feistel Cipher Block size Key size Number o rounds Subkey generation algorithm Scrambling unction Round n K 1 note this inal swap! L n L n+1 R n+1 R n Plaintext CSC/ECE 574 (2w bits) Dr. Peng Ning 21 CSC/ECE 574 Dr. Peng Ning 22 Comments Decryption is same as encryption, only reversing the order in which are applied Reversability o Feistel cipher derives rom reversability o XOR Function can be anything Hopeully something easy to compute There is no need to invert DES (Data Encryption Standard) CSC/ECE 574 Dr. Peng Ning 23 CSC/ECE 574 Dr. Peng Ning 24
5 DES (Data Encryption Standard) Standardized in 1976 by NBS proposed by IBM, Feistel cipher Criteria (oicial) provide high level o security security must reside in key, not algorithm not patented must be exportable eicient to implement in hardware DES (Cont d) Criteria (unoicial) must be slow to execute in sotware must be breakable by NSA :-) CSC/ECE 574 Dr. Peng Ning 25 CSC/ECE 574 Dr. Peng Ning 26 DES Basics Blocks: 64 bit plaintext input, 64 bit ciphertext output Rounds: 16 Key: 64 bits every 8 th bit is a parity bit, so really 56 bits long 64 bit plaintext block DES Encryption 56 bit key (+ 8 bits parity) 64 bit ciphertext block CSC/ECE 574 Dr. Peng Ning 27 DES Top Level View 64-bit Input Initial Permutation Round 2 6 Swap Halves Final Permutation 64-bit Output 48-bit K 1 48-bit K 2 48-bit K bit Key Generate CSC/ECE 574 Dr. Peng Ning 28 Initial and Final Permutations Initial permutation given below input bit #58 output bit #1, input bit #50 output bit #2, bit Input Initial Permutation Round 2. Round.. 16 Swap Halves Final Permutation 64-bit Output 56-bit Key Generate 48-bit K 1 48-bit K 2 48-bit K 16 CSC/ECE 574 Dr. Peng Ning 29 Initial (Cont d) Final permutation is just inverse o initial permutation, i.e., input bit #1 output bit #58 input bit #2 output bit #50 64-bit Input Initial Permutation Round 2. Round.. 16 Swap Halves Final Permutation 64-bit Output 56-bit Key Generate 48-bit K 1 48-bit K 2 48-bit K 16 CSC/ECE 574 Dr. Peng Ning 30
6 Initial (Cont d) Key Generation: First Permutation Note #1: Initial Permutation is ully speciied (independent o key) thereore, does not improve security! why needed? Note #2: Final Permutation is needed to make this a Feistel cipher i.e., can use same hardware or both encryption and decryption First step: throw out 8 parity bits, then permute resulting 56 bits 7 columns CSC/ECE 574 Dr. Peng Ning 31 8 rows 64-bit Input Initial Permutation Round 2. Round.. 16 Swap Halves Final Permutation 64-bit Output 56-bit Key Generate 48-bit K 1 48-bit K 2 48-bit K 16 Parity bits let out: 8,16,24, CSC/ECE 574 Dr. Peng Ning 32 KeyGen: Processing Per Round KeyGen: Permutation with Discard 28 bits 24 bits, each hal o key 48 bit K i C i-1 28 bits D i-1 28 bits Circular Let Shit C i Permutation with Discard Circular Let Shit D i 28 bits 28 bits Rounds i = 1,2,9,16: let circular shit 1 bit Other rounds: let circular shit 2 bits CSC/ECE 574 Dr. Peng Ning 33 Let hal o K i = permutation o C i Bits let out: 35,38,43,54 Bits let out: 9,18,22,25 Right hal o K i = permutation o D i CSC/ECE 574 Dr. Peng Ning 34 One DES (Feistel) Round DES Round: (Mangler) Function Input block i L i R i 64-bit Input Initial Permutation Round 2. Round.. 16 Swap Halves Final Permutation 56-bit Key Generate 48-bit K 1 48-bit K 2 48-bit K 16 Input block i L i R i unction = Mangler 32-bit hal block Expansion K i 64-bit Output K i 48 bits K i S-Box (substitution) L i+1 R i+1 Output block i+1 L i+1 R i+1 Output block i+1 Permutation 32-bit hal block CSC/ECE 574 Dr. Peng Ning 35 CSC/ECE 574 Dr. Peng Ning 36
7 : Expansion Function 32 bits 48 bits these bits are repeated : S-Box (Substitute, Shrink) 48 bits 32 bits 6 bits are used to select a 4-bit substitution i.e., or every output, there are our inputs that map to it 2 bits row 4 bits column I1 I2 I3 I4 I5 I6 S i or i = 1,,8 O1 O2 O3 O4 an integer between 0 and 15 CSC/ECE 574 Dr. Peng Ning 37 CSC/ECE 574 Dr. Peng Ning 38 : S 1 (Substitution) : Permutation Each row and column contain dierent numbers I2/I3/I4/I F I1/I6 0 E 4 D 1 2 F B 1 0 F 7 4 E 2 D E 8 D F C Example: input= , output= 1000 or S 2..S 8 (and rest o S 1 ), see the textbook 48 bits 48 bits CSC/ECE 574 Dr. Peng Ning 39 CSC/ECE 574 Dr. Peng Ning 40 DES Implementation Test Program That s it! Operations Permutation Swapping halves Substitution (S-box, table lookup) Bit discard Bit replication Circular shit XOR Hard to implement? HW: No, SW: Yes CSC/ECE 574 Dr. Peng Ning 41 CSC/ECE 574 Dr. Peng Ning 42
8 Good Design? DES Analysis We don t know i the particular details were well-chosen or strength, whether someone lipped coins to construct the S- boxes, or whether the details were chosen to have a weakness that could be exploited by the designers. CSC/ECE 574 Dr. Peng Ning 43 CSC/ECE 574 Dr. Peng Ning 44 Issues or Block Ciphers Number o rounds should be large enough to make advanced attacks as expensive as exhaustive search or the key Principles or S-Box Design S-box is the only non-linear part o DES Each row in the S-Box table should be a permutation o the possible output values Output o one S-box should aect other S- boxes in the ollowing round CSC/ECE 574 Dr. Peng Ning 45 CSC/ECE 574 Dr. Peng Ning 46 Desirable Property: Avalanche Eect DES Avalanche Eect: Example Roughly: a small change in either the plaintext or the key should produce a big change in the ciphertext Better: any output bit should be inverted (lipped) with probability.5 i any input bit is changed unction must be diicult to un-scramble should achieve avalanche eect output bits should be uncorrelated CSC/ECE 574 Dr. Peng Ning 47 2 plaintexts with 1 bit dierence: 0x and 0x encrypted using the same key: 0x016B24621C181C32 Resulting ciphertexts dier in 34 bits (out o 64) Similar results when keys dier by 1 bit CSC/ECE 574 Dr. Peng Ning 48
9 Example (cont d) An experiment: number o rounds vs. number o bits dierence Round # Bits changed DES: Keys to Avoid Using Weak keys : 4 keys with property K{K{m}} = m What s bad about that? These are keys which, ater the irst key permutation, are: 28 0 s ollowed by 28 0 s 28 0 s ollowed by 28 1 s 28 1 s ollowed by 28 0 s 28 1 s ollowed by 28 1 s CSC/ECE 574 Dr. Peng Ning 49 CSC/ECE 574 Dr. Peng Ning 50 More Keys to Avoid! Semi-weak keys : pairs o keys with the property K 1 {K 2 {m}} = m What s bad about that? These are keys which, ater the irst key permutation, are: s ollowed by alternating 0 s and 1 s s ollowed by alternating 1 s and 0 s 12. alternating 1 s and 0 s ollowed by alternating 1 s and 0 s DES Key Size 56 bits is currently too small to resist brute orce attacks using readily-available hardware Ten years ago it took $250,000 to build a machine that could crack DES in a ew hours Now? CSC/ECE 574 Dr. Peng Ning 51 CSC/ECE 574 Dr. Peng Ning 52 Cryptanalysis o DES Dierential cryptanalysis exploits dierences between encryptions o two dierent plaintext blocks provides insight into possible key values DES well designed to deeat dierential analysis Linear cryptanalysis requires known plaintext / ciphertext pairs, analyzes relationships to discover key value or DES, requires analyzing O(2 47 ) pairs No attacks on DES so ar are signiicantly better than brute orce attacks, or comparable cost AES CSC/ECE 574 Dr. Peng Ning 53 CSC/ECE 574 Dr. Peng Ning 54
10 Overview AES-128 Overview Selected rom an open competition, organized by NSA winner: Rijndael algorithm, standardized as AES Some similarities to DES (rounds,, alternate permutation+substitution) but not a Feistel cipher Block size = 128 bits Key sizes = 128, 192, or 256 Main criteria: secure, well justiied, ast 128-bit Input bit Output CSC/ECE 574 Dr. Peng Ning bit K bit K bit K bit key Generate Q1: What happens in each round? Q2: How are generated? CSC/ECE 574 Dr. Peng Ning 56 AES-128 State Each plaintext block o 16 bytes is arranged as 4 columns o 4 bytes each a 0 a 1 a 2 a 3 a 4 a 5 a 6 a 7 a 8 a 9 a 10 a 11 a 12 a 13 a 14 a 15 a 0 a 4 a 8 a 12 a 1 a 5 a 9 a 13 a 2 a 6 a 10 a 14 a 3 a 7 a 11 a 15 (Padding necessary or messages not a multiple o 16 bytes) CSC/ECE 574 Dr. Peng Ning 57 One AES-128 Round 1. Apply S-box unction to each byte o the state (i.e., 16 substitutions) 2. Rotate (row 0 o state is unchanged) row 1 o the state let 1 column row 2 o the state let 2 columns row 3 o the state let 3 columns 3. Apply MixColumn unction to each column o state last round omits this step CSC/ECE 574 Dr. Peng Ning 58 X Round Step 1. AES S-Box Each byte o state is replaced by a value rom ollowing table eg. byte with value 0x95 is replaced by byte in row 9 column 5, which has value 0x2A Y a b c d e c 77 7b 2 6b 6 c b e d7 ab 76 1 ca 82 c9 7d a ad d4 a2 a 9c a4 72 c0 2 b7 d cc 34 a5 e d c7 23 c a e2 eb 27 b c 1a 1b 6e 5a a0 52 3b d6 b3 29 e d1 0 ed 20 c b1 5b 6a cb be 39 4a 4c 58 c 6 d0 e aa b 43 4d c 9 a a d 38 5 bc b6 da d2 8 cd 0c 13 ec c4 a7 7e 3d 64 5d dc 22 2a ee b8 14 de 5e 0b db a e0 32 3a 0a c c2 d3 ac e4 79 b e7 c8 37 6d 8d d5 4e a9 6c 56 4 ea 65 7a ae 8 c ba e 1c a6 b4 c6 e8 dd b bd 8b 8a d 70 3e b e b9 86 c1 1d 9e e e d9 8e 94 9b 1e 87 e9 ce d 8c a1 89 0d b e d 0 b0 54 bb 16 CSC/ECE 574 Dr. Peng Ning 59 S-Box (Cont d) The S-Box is what makes AES a non-linear cipher For every value o b there is a unique value or b It is aster to use a substitution table (and easier). b'0 b' 1 b'2 b'3 b'4 b'5 b'6 b' 7 = x = b -1 in GF(28), i.e., x is the inverse o byte b x 0 x 1 x 2 x 3 x 4 x 5 x 6 x CSC/ECE 574 Dr. Peng Ning 60 +
11 S-Box Example Round Step 2. Rotate (Example) Beore Shit Rows The S-Box is what makes AES a non-linear cipher Ater Shit Rows State C0 D0 4A E1 F A1 AF Sbox( 50 ) Sbox( 60 ) Sbox( 70 ) Sbox( 00 ) 53 D Sbox( 10 ) Sbox( 20 ) Sbox( 30 ) Sbox( C0 ) Sbox( D0 ) Sbox( 4A ) Sbox( E1 ) Sbox( F7 ) Ater SubBytes CA 70 B7 D6 04 F8 BA 68 CSC/ECE 574 Sbox( 81 ) Sbox( 93 ) Sbox( A1 ) Sbox( AF ) 53 CA 70 0C 53 CA 70 0C D0 B7 D6 DC B7 D6 DC D F8 32 F BA BA 68 0C DC Dr. Peng Ning 61 CSC/ECE 574 Dr. Peng Ning MixColumn (Cont d) Applied to each column o the state For each column, each byte aiai+3 o the column is used to lookup up our 4-byte intermediate columns titi+3 rom a table (next slide) The intermediate columns titi+3 are then combined (next slide + 1): Part o the MixColumn table: right (low-order) nibble (4 bits) rotate vertically so top octet o ti is in same row as input octet (ai) XOR the our rotated columns together CSC/ECE 574 Dr. Peng Ning 63 let (high-order) nibble (4 bits) Round Step 3. MixColumn Function 62 CSC/ECE 574 Dr. Peng Ning 64 MixColumn (Cont d) Generating Round Keys in AES-128 Example The key (16 bytes) is arranged in 4 columns o 4 rows, as or the input (plaintext) block) Round i Constant ci Deriving the makes use o a table o constants: Removes symmetry and linearity rom key expansion CSC/ECE 574 Dr. Peng Ning 65 CSC/ECE x6C 2 0xD8 3 0xAB 4 0x4D 5 0x9A 6 0x2F 7 0x5E 8 0xBC 9 0x xC6 Dr. Peng Ning 66
12 Round Keys (Cont d) For i th round o keys, i = or column index j = 0 temp = column 3 o (i-1) th (previous) round rotate temp upward one byte S-Box transorm each byte o temp XOR irst byte o temp with c i or column index j = 1..3 temp = column j-1 o i th (this) round result = temp XOR j th column o key round i-1 CSC/ECE 574 Dr. Peng Ning 67 c i S Key Expansion Rationale Designed to resist known attacks Design criteria include knowing part o the key doesn t make it easy to ind entire key key expansion must be invertible, but enough nonlinearity to hinder analysis should be ast to compute, simple to describe and analyze key bits should be diused into the CSC/ECE 574 Dr. Peng Ning 68 Mathematics AES Operates on the binary ield GF(2 8 ) this can be represented as a polynomial b(x) with binary coeicients b {0,1}: b 7 x 7 + b 6 x 6 + b 5 x 5 + b 4 x 4 + b 3 x 3 + b 2 x 2 + b 1 x + b 0 Multiplication in GF(2 8 ) consists o multiplying two polynomials modulo an irreducible polynomial o degree 8 AES uses the ollowing irreducible polynomial m(x) = x 8 + x 4 + x 3 + x + 1 AES-128 Decryption (Conceptual) Run cipher in reverse, with inverse o each operation replacing the encryption operations Inverse operations: XOR is its own inverse inverse o S-box is just the inverse table (next slide) inverse o rotation in one direction is rotation in other direction inverse o MixColumn is just the inverse table (next slide + 1) CSC/ECE 574 Dr. Peng Ning 69 CSC/ECE 574 Dr. Peng Ning 70 Inverse S-Box X Y a b c d e a d a5 38 b 40 a3 9e 81 3 d7 b 1 7c e b e c4 de e9 cb b a6 c2 23 3d ee 4c 95 0b 42 a c3 4e 3 8 2e a d9 24 b2 76 5b a2 49 6d 8b d d4 a4 5c cc 5d 65 b c d ed b9 da 5e a7 8d 9d d8 ab 0 8c bc d3 0a 7 e b8 b d0 2c 1e 8 ca c1 a bd a 6b 8 3a dc ea 97 2 c ce 0 b4 e ac e7 ad e e8 1c 75 d 6e a a 71 1d 29 c b7 62 0e aa 18 be 1b b c 56 3e 4b c6 d a db c0 e 78 cd 5a 4 c 1 dd a c7 31 b ec 5 d a9 19 b5 4a 0d 2d e5 7a 9 93 c9 9c e e a0 e0 3b 4d ae 2a 5 b0 c8 eb bb 3c b 4 7e ba 77 d6 26 e c 7d InvMixColumn let (high-order) nibble (4 bits) right (low-order) nibble (4 bits) CSC/ECE 574 Dr. Peng Ning 71 CSC/ECE 574 Dr. Peng Ning 72
13 AES Decryption (Actual) Run cipher in orward direction, except use inverse operations apply in reverse order apply InvMixColumn to K1..K9 Decryption takes more memory and cycles encryption can only partially reuse hardware or encryption AES Assessment Speed: about 16 clock cycles/byte on modern 32-bit CPUs 200 MByte/s on a PC, no special hardware! No known successul attacks on ull AES best attacks work on 7-9 rounds (out o rounds) Clean design For brute orce attacks, AES-128 will take 4*10 21 X ( = 2 72 ) more eort than DES CSC/ECE 574 Dr. Peng Ning 73 CSC/ECE 574 Dr. Peng Ning 74 Attacks on AES Dierential Cryptanalysis: based on how dierences in inputs correlate with dierences in outputs greatly reduced due to high number o rounds Linear Cryptanalysis: based on correlations between input and output S-Box & MixColumns are designed to rustrate Linear Analysis Side Channel Attacks: based on peculiarities o the implementation o the cipher CSC/ECE 574 Dr. Peng Ning 75 Side Channel Attacks Timing Attacks: measure the time it takes to do operations some operations, with some operands, are much aster than other operations, with other operand values provides clues about what internal operations are being perormed, and what internal data values are being produced Power Attacks: measures power to do operations changing one bit requires considerably less power than changing many bits in a byte CSC/ECE 574 Dr. Peng Ning 76 Summary Secret key crypto is (a) good quality, (b) aster to compute than public key crypto, and (c) the most widely used crypto DES strong enough or non-critical applications, but triple-des is better AES even better (stronger and much aster), has versions with 128-, 192-, and 256-bit keys Secret key crypto requires out-o-band, bilateral key negotiation/agreement CSC/ECE 574 Dr. Peng Ning 77
Introduction. CSC/ECE 574 Computer and Network Security. Outline. Introductory Remarks Feistel Cipher DES AES
CSC/ECE 574 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms CSC/ECE 574 Dr. Peng Ning 1 Outline Introductory Remarks Feistel Cipher DES AES CSC/ECE 574 Dr. Peng Ning 2 Introduction
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design: Secret Key Systems Encrypting a small block of text (say 64 bits) General considerations
More informationThe Advanced Encryption Standard
Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 48 The Advanced Encryption Standard Successor of DES DES considered insecure; 3DES considered too slow. NIST competition in 1997 15
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 9: Encryption modes. AES
CS355: Cryptography Lecture 9: Encryption modes. AES Encryption modes: ECB } Message is broken into independent blocks of block_size bits; } Electronic Code Book (ECB): each block encrypted separately.
More informationBlock ciphers. Block ciphers. Data Encryption Standard (DES) DES: encryption circuit
Block ciphers Block ciphers Myrto Arapinis School o Inormatics University o Edinburgh January 22, 2015 A block cipher with parameters k and l is a pair o deterministic algorithms (E, D) such that Encryption
More informationModule 2 Advanced Symmetric Ciphers
Module 2 Advanced Symmetric Ciphers Dr. Natarajan Meghanathan Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu Data Encryption Standard (DES) The DES algorithm
More informationOutline. 1 Arithmetic on Bytes and 4-Byte Vectors. 2 The Rijndael Algorithm. 3 AES Key Schedule and Decryption. 4 Strengths and Weaknesses of Rijndael
Outline CPSC 418/MATH 318 Introduction to Cryptography Advanced Encryption Standard Renate Scheidler Department of Mathematics & Statistics Department of Computer Science University of Calgary Based in
More informationCHAPTER 5 A BLOCK CIPHER INVOLVING A KEY APPLIED ON BOTH THE SIDES OF THE PLAINTEXT
82 CHAPTER 5 A BLOCK CIPHER INVOLVING A KEY APPLIED ON BOTH THE SIDES OF THE PLAINTEXT 83 5.1 Introduction In a pioneering paper, Hill [5] developed a block cipher by using the modular arithmetic inverse
More informationBlock Cipher Cryptanalysis: An Overview
0/52 Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata 17 th May, 2017 0/52 Outline Iterated Block Cipher 1 Iterated Block Cipher 2 S-Boxes 3 A Basic Substitution
More informationIntroduction to Modern Cryptography. (1) Finite Groups, Rings and Fields. (2) AES - Advanced Encryption Standard
Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard +,0, and -a are only notations! Review - Groups Def (group): A set G with a binary
More informationThe Hash Function JH 1
The Hash Function JH 1 16 January, 2011 Hongjun Wu 2,3 wuhongjun@gmail.com 1 The design of JH is tweaked in this report. The round number of JH is changed from 35.5 to 42. This new version may be referred
More informationSymmetric Crypto Systems
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Symmetric Crypto Systems EECE 412 Copyright 2004-2012 Konstantin Beznosov 1 Module Outline! Stream ciphers under the hood Block ciphers under
More informationSymmetric Crypto Systems
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Symmetric Crypto Systems EECE 412 Copyright 2004-2008 Konstantin Beznosov 09/16/08 Module Outline Stream ciphers under the hood Block ciphers
More informationTHE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018
THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018 CPSC 418/MATH 318 L01 October 17, 2018 Time: 50 minutes
More informationORYX. ORYX not an acronym, but upper case Designed for use with cell phones. Standard developed by. Cipher design process not open
ORYX ORYX 1 ORYX ORYX not an acronym, but upper case Designed for use with cell phones o To protect confidentiality of voice/data o For data channel, not control channel o Control channel encrypted with
More informationCryptography Lecture 4 Block ciphers, DES, breaking DES
Cryptography Lecture 4 Block ciphers, DES, breaking DES Breaking a cipher Eavesdropper recieves n cryptograms created from n plaintexts in sequence, using the same key Redundancy exists in the messages
More informationInnovations in permutation-based crypto
Innovations in permutation-based crypto Joan Daemen 1,2 based on joint work with Guido Bertoni 3, Seth Hoert, Michaël Peeters 1, Gilles Van Assche 1 and Ronny Van Keer 1 Cryptacus Training School, Azores,
More informationStream ciphers. Pawel Wocjan. Department of Electrical Engineering & Computer Science University of Central Florida
Stream ciphers Pawel Wocjan Department of Electrical Engineering & Computer Science University of Central Florida wocjan@eecs.ucf.edu Definition of block ciphers Block ciphers: crypto work horse n bits
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Appendix A: Symmetric Techniques Block Ciphers A block cipher f of block-size
More informationNew Results on Boomerang and Rectangle Attacks
New Results on Boomerang and Rectangle Attacks Eli Biham, 1 Orr Dunkelman, 1 Nathan Keller 2 1 Computer Science Department, Technion. Haia 32000, Israel {biham,orrd}@cs.technion.ac.il 2 Mathematics Department,
More informationIntroduction on Block cipher Yoyo Game Application on AES Conclusion. Yoyo Game with AES. Navid Ghaedi Bardeh. University of Bergen.
Yoyo Game with AES Navid Ghaedi Bardeh University of Bergen May 8, 2018 1 / 33 Outline 1 Introduction on Block cipher 2 Yoyo Game 3 Application on AES 4 Conclusion 2 / 33 Classical Model of Symmetric Cryptography
More information(Solution to Odd-Numbered Problems) Number of rounds. rounds
CHAPTER 7 AES (Solution to Odd-Numbered Problems) Review Questions. The criteria defined by NIST for selecting AES fall into three areas: security, cost, and implementation. 3. The number of round keys
More informationBlock Ciphers and Feistel cipher
introduction Lecture (07) Block Ciphers and cipher Dr. Ahmed M. ElShafee Modern block ciphers are widely used to provide encryption of quantities of information, and/or a cryptographic checksum to ensure
More informationThe XL and XSL attacks on Baby Rijndael. Elizabeth Kleiman. A thesis submitted to the graduate faculty
The XL and XSL attacks on Baby Rijndael by Elizabeth Kleiman A thesis submitted to the graduate faculty in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE Major: Mathematics
More informationA Five-Round Algebraic Property of the Advanced Encryption Standard
A Five-Round Algebraic Property of the Advanced Encryption Standard Jianyong Huang, Jennifer Seberry and Willy Susilo Centre for Computer and Information Security Research (CCI) School of Computer Science
More informationLecture Notes. Advanced Discrete Structures COT S
Lecture Notes Advanced Discrete Structures COT 4115.001 S15 2015-01-27 Recap ADFGX Cipher Block Cipher Modes of Operation Hill Cipher Inverting a Matrix (mod n) Encryption: Hill Cipher Example Multiple
More informationA New Algorithm to Construct. Secure Keys for AES
Int. J. Contemp. Math. Sciences, Vol. 5, 2010, no. 26, 1263-1270 A New Algorithm to Construct Secure Keys for AES Iqtadar Hussain Department of Mathematics Quaid-i-Azam University, Islamabad, Pakistan
More informationMitsuru Matsui , Ofuna, Kamakura, Kanagawa, 247, Japan. which are block ciphers with a 128-bit key, a 64-bit block and a variable
New Block Encryption Algorithm MISTY Mitsuru Matsui Inormation Technology R&D Center Mitsubishi Electric Corporation 5-1-1, Ouna, Kamakura, Kanagawa, 247, Japan matsui@iss.isl.melco.co.jp Abstract. We
More informationCryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev
Cryptography Lecture 2: Perfect Secrecy and its Limitations Gil Segev Last Week Symmetric-key encryption (KeyGen, Enc, Dec) Historical ciphers that are completely broken The basic principles of modern
More informationChosen Plaintext Attacks (CPA)
Chosen Plaintext Attacks (CPA) Goals New Attacks! Chosen Plaintext Attacks (often CPA) is when Eve can choose to see some messages encoded. Formally she has Black Box for ENC k. We will: 1. Define Chosen
More informationLow Complexity Differential Cryptanalysis and Fault Analysis of AES
Low Complexity Differential Cryptanalysis and Fault Analysis of AES Michael Tunstall May/June, 2011 Michael Tunstall (University of Bristol) May/June, 2011 1 / 34 Introduction We present a survey of low
More informationAccelerating AES Using Instruction Set Extensions for Elliptic Curve Cryptography. Stefan Tillich, Johann Großschädl
Accelerating AES Using Instruction Set Extensions for Elliptic Curve Cryptography International Workshop on Information Security & Hiding (ISH '05) Institute for Applied Information Processing and Communications
More informationHistorical cryptography. cryptography encryption main applications: military and diplomacy
Historical cryptography cryptography encryption main applications: military and diplomacy ancient times world war II Historical cryptography All historical cryptosystems badly broken! No clear understanding
More informationLecture 4: DES and block ciphers
Lecture 4: DES and block ciphers Johan Håstad, transcribed by Ernir Erlingsson 2006-01-25 1 DES DES is a 64 bit block cipher with a 56 bit key. It selects a 64 bit block and modifies it depending on the
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationSecret Key: stream ciphers & block ciphers
Secret Key: stream ciphers & block ciphers Stream Ciphers Idea: try to simulate one-time pad define a secret key ( seed ) Using the seed generates a byte stream (Keystream): i-th byte is function only
More informationLecture 12: Block ciphers
Lecture 12: Block ciphers Thomas Johansson T. Johansson (Lund University) 1 / 19 Block ciphers A block cipher encrypts a block of plaintext bits x to a block of ciphertext bits y. The transformation is
More informationAttacks on DES , K 2. ) L 3 = R 2 = L 1 f ( R 1, K 2 ) R 4 R 2. f (R 1 = L 1 ) = L 1. ) f ( R 3 , K 4. f (R 3 = L 3
Attacks on DES 1 Attacks on DES Differential cryptanalysis is an attack on DES that compares the differences (that is, XOR values between ciphertexts of certain chosen plaintexts to discover information
More informationDesign of Low Power Optimized MixColumn/Inverse MixColumn Architecture for AES
Design of Low Power Optimized MixColumn/Inverse MixColumn Architecture for AES Rajasekar P Assistant Professor, Department of Electronics and Communication Engineering, Kathir College of Engineering, Neelambur,
More informationDivision Property: a New Attack Against Block Ciphers
Division Property: a New Attack Against Block Ciphers Christina Boura (joint on-going work with Anne Canteaut) Séminaire du groupe Algèbre et Géometrie, LMV November 24, 2015 1 / 50 Symmetric-key encryption
More informationBLOCK CIPHERS KEY-RECOVERY SECURITY
BLOCK CIPHERS and KEY-RECOVERY SECURITY Mihir Bellare UCSD 1 Notation Mihir Bellare UCSD 2 Notation {0, 1} n is the set of n-bit strings and {0, 1} is the set of all strings of finite length. By ε we denote
More informationOn High-Rate Cryptographic Compression Functions
On High-Rate Cryptographic Compression Functions Richard Ostertág and Martin Stanek Department o Computer Science Faculty o Mathematics, Physics and Inormatics Comenius University Mlynská dolina, 842 48
More informationDifferential Fault Analysis on the families of SIMON and SPECK ciphers
Differential Fault Analysis on the families of SIMON and SPECK ciphers Harshal Tupsamudre, Shikha Bisht, Debdeep Mukhopadhyay Indian Institute of Technology, Kharagpur Abstract. In 2013, the US National
More informationof the Data Encryption Standard Fauzan Mirza
Linear and S-Box Pairs Cryptanalysis of the Data Encryption Standard Fauzan Mirza Third Year Undergraduate Project October 1996 { April 1997!()+, -./01 23456 Department ofcomputerscience Egham, Surrey
More information7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 7 Cryptanalysis Cryptanalysis Attacks such as exhaustive key-search do not exploit any properties of the encryption algorithm or implementation. Structural attacks
More informationMATH3302 Cryptography Problem Set 2
MATH3302 Cryptography Problem Set 2 These questions are based on the material in Section 4: Shannon s Theory, Section 5: Modern Cryptography, Section 6: The Data Encryption Standard, Section 7: International
More informationLecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography
CS 7880 Graduate Cryptography September 10, 2015 Lecture 1: Perfect Secrecy and Statistical Authentication Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Definition of perfect secrecy One-time
More information8 Elliptic Curve Cryptography
8 Elliptic Curve Cryptography 8.1 Elliptic Curves over a Finite Field For the purposes of cryptography, we want to consider an elliptic curve defined over a finite field F p = Z/pZ for p a prime. Given
More informationType 1.x Generalized Feistel Structures
Noname manuscript No. (will be inserted by the editor) Type 1.x Generalized eistel Structures Shingo Yanagihara Tetsu Iwata Received: date / Accepted: date Abstract We formalize the Type 1.x Generalized
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University February 5 2018 Review Relation between PRF and PRG Construct PRF from
More information18733: Applied Cryptography Anupam Datta (CMU) Block ciphers. Dan Boneh
18733: Applied Cryptography Anupam Datta (CMU) Block ciphers Online Cryptography Course What is a block cipher? Block ciphers: crypto work horse n bits PT Block n bits E, D CT Block Key k bits Canonical
More informationBiomedical Security. Overview 9/15/2017. Erwin M. Bakker
Biomedical Security Erwin M. Bakker Overview Cryptography: Algorithms Cryptography: Protocols Pretty Good Privacy (PGP) / B. Schneier Workshop Biomedical Security Biomedical Application Security (guest
More informationAURORA: A Cryptographic Hash Algorithm Family
AURORA: A Cryptographic Hash Algorithm Family Submitters: Sony Corporation 1 and Nagoya University 2 Algorithm Designers: Tetsu Iwata 2, Kyoji Shibutani 1, Taizo Shirai 1, Shiho Moriai 1, Toru Akishita
More informationCryptography. pieces from work by Gordon Royle
Cryptography pieces from work by Gordon Royle The set-up Cryptography is the mathematics of devising secure communication systems, whereas cryptanalysis is the mathematics of breaking such systems. We
More informationExam Security January 19, :30 11:30
Exam Security January 19, 2016. 8:30 11:30 You can score a maximum of 100. Each question indicates how many it is worth. You are NOT allowed to use books or notes, or a (smart) phone. You may answer in
More informationThe Rijndael Block Cipher
The Rijndael Block Cipher Vincent Leith MATH 27.2 May 3, 2 A brief look at the mathematics behind the Rijndael Block Chiper. Introduction The Rijndael Block Chiper was brought about by Joan Daemen and
More informationTable Of Contents. ! 1. Introduction to AES
1 Table Of Contents! 1. Introduction to AES! 2. Design Principles behind AES Linear Cryptanalysis Differential Cryptanalysis Square Attack Biclique Attack! 3. Quantum Cryptanalysis of AES Applying Grover
More informationPart (02) Modem Encryption techniques
Part (02) Modem Encryption techniques Dr. Ahmed M. ElShafee 1 Block Ciphers and Feistel cipher Dr. Ahmed M. ElShafee 2 introduction Modern block ciphers are widely used to provide encryption of quantities
More informationStructural Cryptanalysis of SASAS
tructural Cryptanalysis of AA Alex Biryukov and Adi hamir Computer cience department The Weizmann Institute Rehovot 76100, Israel. Abstract. In this paper we consider the security of block ciphers which
More informationComputational security & Private key encryption
Computational security & Private key encryption Emma Arfelt Stud. BSc. Software Development Frederik Madsen Stud. MSc. Software Development March 2017 Recap Perfect Secrecy Perfect indistinguishability
More informationWinter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2
0368.3049.01 Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod Assignment #2 Published Sunday, February 17, 2008 and very slightly revised Feb. 18. Due Tues., March 4, in Rani Hod
More informationECS 189A Final Cryptography Spring 2011
ECS 127: Cryptography Handout F UC Davis Phillip Rogaway June 9, 2011 ECS 189A Final Cryptography Spring 2011 Hints for success: Good luck on the exam. I don t think it s all that hard (I do believe I
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationExtended Criterion for Absence of Fixed Points
Extended Criterion for Absence of Fixed Points Oleksandr Kazymyrov, Valentyna Kazymyrova Abstract One of the criteria for substitutions used in block ciphers is the absence of fixed points. In this paper
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 16 October 30, 2017 CPSC 467, Lecture 16 1/52 Properties of Hash Functions Hash functions do not always look random Relations among
More informationhold or a eistel cipher. We nevertheless prove that the bound given by Nyberg and Knudsen still holds or any round keys. This stronger result implies
Dierential cryptanalysis o eistel ciphers and dierentially uniorm mappings Anne Canteaut INRIA Projet codes Domaine de Voluceau BP 105 78153 Le Chesnay Cedex rance Abstract In this paper we study the round
More informationA SIMPLIFIED RIJNDAEL ALGORITHM AND ITS LINEAR AND DIFFERENTIAL CRYPTANALYSES
A SIMPLIFIED RIJNDAEL ALGORITHM AND ITS LINEAR AND DIFFERENTIAL CRYPTANALYSES MOHAMMAD MUSA, EDWARD F SCHAEFER, AND STEPHEN WEDIG Abstract In this paper, we describe a simplified version of the Rijndael
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously on COS 433 Takeaway: Crypto is Hard Designing crypto is hard, even experts get it wrong Just because I don t know
More informationAES side channel attacks protection using random isomorphisms
Rostovtsev A.G., Shemyakina O.V., St. Petersburg State Polytechnic University AES side channel attacks protection using random isomorphisms General method of side-channel attacks protection, based on random
More informationOutline. CPSC 418/MATH 318 Introduction to Cryptography. Information Theory. Partial Information. Perfect Secrecy, One-Time Pad
Outline CPSC 418/MATH 318 Introduction to Cryptography, One-Time Pad Renate Scheidler Department of Mathematics & Statistics Department of Computer Science University of Calgary Based in part on slides
More informationInvariant Subspace Attack Against Full Midori64
Invariant Subspace Attack Against Full Midori64 Jian Guo 1, Jérémy Jean 1, Ivica Nikolić 1, Kexin Qiao 1,2, Yu Sasaki 1,3, and Siang Meng Sim 1 1 Nanyang Technological University, Singapore 2 Institute
More informationObjectives. By the time the student is finished with this section of the workbook, he/she should be able
FUNCTIONS Quadratic Functions......8 Absolute Value Functions.....48 Translations o Functions..57 Radical Functions...61 Eponential Functions...7 Logarithmic Functions......8 Cubic Functions......91 Piece-Wise
More informationCryptography. P. Danziger. Transmit...Bob...
10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of
More informationSpecification on a Block Cipher : Hierocrypt L1
Specification on a Block Cipher : Hierocrypt L1 Toshiba Corporation September 2001 Contents 1 Design principle 3 1.1 Data randomizing part........................ 3 1.1.1 Nested SPN structure....................
More informationStructural Evaluation by Generalized Integral Property
Structural Evaluation by Generalized Integral Property Yosue Todo NTT Secure Platform Laboratories, Toyo, Japan todo.yosue@lab.ntt.co.jp Abstract. In this paper, we show structural cryptanalyses against
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationNumber theory (Chapter 4)
EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?
More informationImpossible Differential Cryptanalysis of Mini-AES
Impossible Differential Cryptanalysis of Mini-AES Raphael Chung-Wei Phan ADDRESS: Swinburne Sarawak Institute of Technology, 1 st Floor, State Complex, 93576 Kuching, Sarawak, Malaysia. rphan@swinburne.edu.my
More informationSYMMETRIC ENCRYPTION. Mihir Bellare UCSD 1
SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = (K, E, D) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2
More informationMy brief introduction to cryptography
My brief introduction to cryptography David Thomson dthomson@math.carleton.ca Carleton University September 7, 2013 introduction to cryptography September 7, 2013 1 / 28 Outline 1 The general framework
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationProblem 1. k zero bits. n bits. Block Cipher. Block Cipher. Block Cipher. Block Cipher. removed
Problem 1 n bits k zero bits IV Block Block Block Block removed January 27, 2011 Practical Aspects of Modern Cryptography 2 Problem 1 IV Inverse Inverse Inverse Inverse Missing bits January 27, 2011 Practical
More informationMASKED INVERSION IN GF(2 N ) USING MIXED FIELD REPRESENTATIONS AND ITS EFFICIENT IMPLEMENTATION FOR AES
Chapter X MASKED INVERSION IN GF( N ) USING MIXED FIELD REPRESENTATIONS AND ITS EFFICIENT IMPLEMENTATION FOR AES SHAY GUERON 1,, ORI PARZANCHEVSKY 1 and OR ZUK 1,3 1 Discretix Technologies, Netanya, ISRAEL
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols nichols@math.umass.edu University of Massachusetts Oct. 14, 2015 Cryptography basics Cryptography is the study of secure communications. Here are
More information18733: Applied Cryptography Anupam Datta (CMU) Block ciphers. Dan Boneh
18733: Applied Cryptography Anupam Datta (CMU) Block ciphers Online Cryptography Course What is a block cipher? Block ciphers: crypto work horse n bits PT Block n bits E, D CT Block Key k bits Canonical
More informationA Large Block Cipher using an Iterative Method and the Modular Arithmetic Inverse of a key Matrix
A Large Block Cipher using an Iterative Method and the Modular Arithmetic Inverse of a key Matrix S. Udaya Kumar V. U. K. Sastry A. Vinaya babu Abstract In this paper, we have developed a block cipher
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols University of Massachusetts Amherst nichols@math.umass.edu WINRS Research Symposium Brown University March 4, 2017 Cryptography basics Cryptography
More informationApplications of Finite Sets Jeremy Knight Final Oral Exam Texas A&M University March 29 th 2012
Finite Fields and Cryptography Applications of Finite Sets Jeremy Knight Final Oral Exam Texas A&M University March 29 th 2012 A field is a set that 1. is associative, commutative, and distributive for
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationLecture 5: Pseudorandom functions from pseudorandom generators
Lecture 5: Pseudorandom functions from pseudorandom generators Boaz Barak We have seen that PRF s (pseudorandom functions) are extremely useful, and we ll see some more applications of them later on. But
More informationSymmetric Ciphers. Mahalingam Ramkumar (Sections 3.2, 3.3, 3.7 and 6.5)
Symmetric Ciphers Mahalingam Ramkumar (Sections 3.2, 3.3, 3.7 and 6.5) Symmetric Cryptography C = E(P,K) P = D(C,K) Requirements Given C, the only way to obtain P should be with the knowledge of K Any
More informationJay Daigle Occidental College Math 401: Cryptology
3 Block Ciphers Every encryption method we ve studied so far has been a substitution cipher: that is, each letter is replaced by exactly one other letter. In fact, we ve studied stream ciphers, which produce
More informationMethods and Tools for Analysis of Symmetric Cryptographic Primitives
Methods and Tools for Analysis of Symmetric Cryptographic Primitives Oleksandr Kazymyrov University of Bergen Norway 14th of October, 2014 Oleksandr Kazymyrov Methods and Tools for Analysis of Symmetric
More informationCryptanalysis of Akelarre Niels Ferguson Bruce Schneier DigiCash bv Counterpane Systems Kruislaan E Minnehaha Parkway 1098 VA Amsterdam, Nethe
Cryptanalysis of Akelarre Niels Ferguson Bruce Schneier DigiCash bv Counterpane Systems Kruislaan 9 0 E Minnehaha Parkway 098 VA Amsterdam, Netherlands Minneapolis, MN 559, USA niels@digicash.com schneier@counterpane.com
More informationCosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks
1 Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks Michael Albert michael.albert@cs.otago.ac.nz 2 This week Arithmetic Knapsack cryptosystems Attacks on knapsacks Some
More informationCryptanalysis of the GOST Hash Function
Cryptanalysis o the GOST Hash Function Florian Mendel 1, Norbert Pramstaller 1, Christian Rechberger 1, Marcin Kontak 2, and Janusz Szmidt 2 1 Institute or Applied Inormation Processing and Communications
More informationBlock Ciphers. Chester Rebeiro IIT Madras. STINSON : chapters 3
Block Ciphers Chester Rebeiro IIT Madras STINSON : chapters 3 Block Cipher K E K D Alice untrusted communication link E #%AR3Xf34^$ message encryption (ciphertext) Attack at Dawn!! D decryption Bob Attack
More informationTowards Provable Security of Substitution-Permutation Encryption Networks
Towards Provable Security of Substitution-Permutation Encryption Networks Zhi-Guo Chen and Stafford E. Tavares Department of Electrical and Computer Engineering Queen s University at Kingston, Ontario,
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationb = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a.
INTRODUCTION TO CRYPTOGRAPHY 5. Discrete Logarithms Recall the classical logarithm for real numbers: If we write b = 10 a, then a = log 10 b is the logarithm of b to the base 10. Changing the base to e
More information