Kryptografické systémy
|
|
- Theodora Franklin
- 5 years ago
- Views:
Transcription
1 Kryptografické systémy Blokové šifry doc. RNDr. Jozef Jirásek, PhD. Bc. Ján Kotrady 2017/2018 Zimný semester 2017 Blokové šifry 1
2 Substitučné šifrovacie systémy Alica Encryption Decryption Bob x 1 x 2... x n x i Σ P plaintext otvorený text k y 1 y 2... y n y i Σ C ciphertext šifrový text k x 1 x 2... x n x i Σ P plaintext otvorený text posuvná šifra monoalfabetická substitúcia polyalfabetické šifry prúdové šifry (substitúcia prekrytím pseudonáhodne generovaným prúdom znakov) viacznakové šifry (Playfair, Hill,...) Zimný semester 2017 Blokové šifry 2
3 Jednoduchá mriežka (Cardan grille) Cardano (1550) znaky textu, ktorý chceme zašifrovať, nájdeme v obyčajnom texte (liste) a ich pozície vyznačíme v mriežke dešifrovanie opäť priložiť mriežku (kľúč) skôr steganografia... Zimný semester 2017 Blokové šifry 3
4 Otáčacia mriežka leissner (1880) 4 pozície mriežky všetky miesta obsadené textom dešifrovanie použiť mriežku v dohodnutom poradí Zimný semester 2017 Blokové šifry 4
5 Transpozičné šifry Šifrový text vznikne permutáciou (niektorých) znakov otvoreného textu (ak je text dlhý, možno ho rozdeliť na bloky podľa veľkosti permutácie) zápis otvoreného textu odzadu zápis textu do riadkov pevnej dĺžky a šifrovanie čítaním po stĺpcoch (scytale) stĺpcová transpozícia pred čítaním stĺpce zamiešame permutačné mriežky (jednoduché zapamätanie permutácie mechanické šifrovanie a dešifrovanie) expanzná permutácia - zobrazenie znakov otvoreného textu na viacero miest šifrového textu (eliminácia použitia frekvenčnej analýzy a hľadania anagramov) Zimný semester 2017 Blokové šifry 5
6 Šifra ADGX používaná v 1. svetovej vojne v nemeckej armáde kombinácia Polybiovho štvorca so stĺpcovou transpozíciou znaky šifrového textu A D G X odlišný Morseho kód (redukcia chýb) heslo VELMINAHODNEA BEZPECNEHESLO zapíšeme do Polybiovho štvorca (ako v Playfair šifre) A D G X A V E L M I D N A H O D B Z P C S G G K Q R H T U W X Y Zimný semester 2017 Blokové šifry 6
7 Šifra ADGX A D G X znaky otvoreného textu šifrujeme A D V N E A L H M O I/J D dvojicou indexu riadku a indexu stĺpca B Z P C S G G K Q R X T U W X Y S U P E R G G X X X X A D G G D G X D X G A A X D D E P R S U X G X G X A X D G G D G G X A X D D D A X K R Y P T O G R A I A G GX XX XADGGDGX DX GA AX DD a pokračujeme stĺpcovou transpozíciou s heslom SUPER šifrový text (po stĺpcoch): XXDGD GGXD XAGAX GXDXA GDX Zimný semester 2017 Blokové šifry 7
8 Iné možnosti utajenia informácie Shannon (1945) zobrazenia, zvyšujúce entropiu : konfúzne zakrývajúce vzťah medzi kľúčom a šifrovým textom, zmena v kľúči spôsobí zmenu CT na viacerých miestach zobrazenie je nelineárne pre šifrovaciu funkciu nie je možné použiť aproximáciu lineárnymi resp. inými jednoduchými funkciami difúzne zakrývajúce vzťah medzi otvoreným a šifrovým textom tým, že zmena znaku v PT zmení znaky v CT na rôznych miestach (charakteristiky PT sa rozptýlia do celého CT resp. bloku CT) lavínový efekt (the avalanche effect) zmena bitu v otvorenom texte zmení každý bit výstupu s pravdep. 1/2 Zimný semester 2017 Blokové šifry 8
9 Iné možnosti utajenia informácie Shannon zobrazenia, zvyšujúce entropiu : konfúzne zakrývajúce vzťah medzi kľúčom a šifrovým textom, zmena v kľúči spôsobí zmenu CT na viacerých miestach difúzne zakrývajúce vzťah medzi otvoreným a šifrovým textom tým, že zmena znaku v PT zmení znaky v CT na rôznych miestach z teórie informácie neexistujú iné zobrazenia zloženie konfúzneho a difúzneho zobrazenia nie je komutatívne (záleží na poradí) Zimný semester 2017 Blokové šifry 9
10 Substitučno permutačné siete utajenie zvýši len opakovaná kombinácia konfúzie (substitúcie) a difúzie (transpozície) substitučno-permutačné siete opakujú substitúciu (stále s iným kľúčom) a permutáciu v tzv. rundách (round) účinnosť závisí od kvality substitučných blokov (S-boxov) a veľkosti permutácie (P-boxy) dešifrovanie obrátený postup (s inverznými S-boxmi) Zimný semester 2017 Blokové šifry 10
11 Blokové symetrické šifrovacie systémy Alica Block encr. x 1 x 2... x n x i {0,1} m k otvorený text rozdelený na bloky y 1 y 2... y n y i {0,1} m bloky šifrového textu Block decr. delenie textu na bloky rovnakej veľkosti (aby sa dali urobiť difúzie) šifrovanie rovnakých blokov tým istým kľúčom bude rovnaké blok musí byť dostatočne veľký, aby sa nedali využiť štatistické metódy resp. kódovacie tabuľky pre každý kľúč bloková substitúcia umožňuje K = 2 m! kľúčov prakticky stačí menej, ale treba s nimi správne narábať k Bob x 1 x 2... x n x i {0,1} m bloky otvoreného textu Zimný semester 2017 Blokové šifry 11
12 eistelova sieť L 0 L 1 L 2 R 0 K1 R 1 K 2 R 2 K 3 eistel (1973) SP sieť (pôvodne pre IBM šifru Lucifer) blok rozdelený na polovice L 0 a R 0 L i = R i 1 R i = L i 1 (R i 1, K i ) po n rundách je šifrový text R n L n L 3... L n 1 R 3... R n 1 K n difúzia zmiešanie s opačnou polovicou bloku konfúzia nelineárna funkcia ovplyvnená rôznymi kľúčmi L n R n Zimný semester 2017 Blokové šifry 12
13 eistelova sieť - dešifrovanie L 0 L 1 R 0 K1 R 1 R n R n 1 L n Kn L n 1 L i = R i 1 R i = L i 1 (R i 1, K i ) začiatok R n L n K 2 K n 1 po prvej runde bude L 2 R 2 R n 2 L n 2 L n R n L n, K n L 3 R 3 K 3 K n 2 L n = R n 1 R n L n, K n = = L n 1 (R n 1, K n ) R n 1, K n = L n 1... L n 1... R n 1 K n... R 1... L 1 K 1 teda R n 1 L n 1 a ďalej až po R 0 L 0 - dešifrujem L 0 R 0 nie je potrebné poznať inverzné funkcie k L n R n R 0 L 0 pri dešifrovaní len zmeniť poradie kľúčov Zimný semester 2017 Blokové šifry 13
14 DES Digital Encryption Standard IP IP -1 K 1 K 2 K 16 IPS ( ) podľa IBM Lucifer blok 64 bitov, 16 rúnd kľúč 56 bitov > 16 rundových 48 bitových kľúčov inicializačná permutácia (zapojenie vstupov) Zimný semester 2017 Blokové šifry 14
15 DES funkcia IP IP -1 K 1 K 2 K 16 Expanzia E s 1 s 2 s 3 s 4 s 5 s 6 s 7 s P K i nelineárna funkcia expanzná permutácia E výstupná permutácia P 8 substitučných S-boxov zobrazenia {0,1} 6 {0,1} S-box S Zimný semester 2017 Blokové šifry 15
16 DES generovanie kľúčov 56 PC <<<1 <<<1 PC2 <<<1 <<<1 PC2 <<<2 <<<2 PC2 <<<2 <<<2 PC K1 48 K 2 odstránenie paritných bitov začiatočná kľúčová permutácia PC1 kľúč sa rozdelí na 28 bitové polovice C 0 a D 0 for r := 1 to 16 do if r {1,2,9,16} then j := 1 else j := 2 endif; C r C r 1 <<< j D r D r 1 <<< j K r PC2(C r, D r ) endfor; PC2 - výstupná výberová permutácia po 28 rotáciách bude C 16 = C 0, D 16 = D 0 pre dešifrovanie sa použije ten istý postup s opačným smerom posunutia Zimný semester 2017 Blokové šifry 16
17 DES - analýza je možné zabezpečiť len výpočtovú bezpečnosť (za prelomenie sa považuje útok rýchlejší ako prehľadávanie celej kľúčovej množiny) na 56 bitový kľúč je potrebné použiť kvalitný (pseudo)náhodný generátor (nie len 8 znakov ASCII) 4 slabé kľúče E k E k X = X (+12 poloslabých) nie je homomorfná šifra E k2 E k1 X E k3 X UD (unicity distance) vzdialenosť jednoznačnosti H(K)/H M = log 2 56 / log 2 64 = 0,875 na úspešný útok by mala stačiť dvojica (M,C) Zimný semester 2017 Blokové šifry 17
18 TMTO (time memory trade off) útok KPA pre známu dvojicu (M, C) predpočítať tabuľku (k, DES k (M)) pre všetky kľúče a nájsť správny kľúč v konštantnom čase náhodne voliť kľúč k a porovnať C a DES k (M) (Hellman) dá sa hľadať v čase O( K 1/2 ) s predpočítanou tabuľkou veľkosti O( K 1/2 ) ak veľkosť bloku m sa rovná dĺžke kľúča : for i = 1 to r {z = rand(x i ); for j = 1 to s do z = E z (M); y i = z} dostaneme r dvojíc (x i,y i ) vyrábam maximálne s-prvkový reťazec z = C; {z = E z (M);}, ak pre nejaké j bude z=y j, potom predchodcom C v reťazci, začínajúcom x j musí byť E k (M) Zimný semester 2017 Blokové šifry 18
19 DES KPA útok na niekoľko rúnd Expanzia E P s 1 s 2 s 3 s 4 s 5 s 6 s 7 s K i R 0 K 1 pre jednu rundu poznáme L 0, R 0, L 1, R 1 L 1 = R 0 R 1 = L 0 R 0, K 1 R1 R 0, K 1 = = P(S E R 0 K 1 ) K 1 = E(R 0 ) S 1 (P 1 (L 0 R 1 )) poznáme E(R 0 ) a P 1 (L 0 R 1 ) na S -1 treba vyskúšať 4 8 = 2 16 = možností L 0 L 1 pre dve rundy... Zimný semester 2017 Blokové šifry 19
20 DES COA analýza počet možných kľúčov K = 2 56 ~ 72* (zo všetkých 2 64! substitúcií) VLSI na testovanie 10 6 k/s 1 deň $20 mil návrh 5760 VLSI po $10 ~ 1.5 dňa (nerealizované) 1997 DES Challenge (RSA) 5 mesiacov 25% kľúčov 1998 DES Challenge II-1-39 dní 85% kľúčov 1998 E DES Cracker ASIC chips - 88 mld k/s DES Challenge II-2 56 hodín - $200 tis DES Challenge III DES Cracker + distributed.net (100 tis. PC) 22h15min projekt Copacobana (2007) 120 PGA 48 mld k/s dúhové tabuľky (rainbow table) CPA za 25 s Zimný semester 2017 Blokové šifry 20
21 Odporúčané dĺžky kľúčov Attacker Budget Hardware Min security Hacker 0 PC 58 < $400 PC(s)/PGA 63 0 Malware 77 Small organization $10k PC(s)/PGA 69 Medium organization $300k PGA/ASIC 69 Large organization $10M PGA/ASIC 78 Intelligence agency $300M ASIC 84 rom ECRYPT II Yearly Report on Algorithms and Keysizes ( ) Zimný semester 2017 Blokové šifry 21
22 Stupne zabezpečenia 32 Real-time, individuals Only auth. tag size 64 Very short-term, small org Not for confidentiality in new systems 72 Short-term, medium org Medium-term, small org 80 Very short-term, agencies Smallest general-purpose Long-term, small org < 4 years protection (2-key 3DES, < 240 PT/CT) 96 Legacy standard level 10 years protection (2-key 3DES, < 10 6 PT/CT) 112 Medium-term protection 20 years protection (3-key 3DES) 128 Long-term protection 30 years Good, generic application-indep. 256 oreseeable future rom ECRYPT II Yearly Report on Algorithms and Keysizes (2012) Zimný semester 2017 Blokové šifry 22
23 2DES + KPA útok 2DES C = DES r (DES k M ) Meet-in-the-middle útok - ak poznáme dve dvojice M, C M, C X = DES k (M), Y = DES r -1 (C), X = Y pre správne k a r pre všetky k i nájdeme X i a uložíme do poľa K[X i ] = k i (dimenzie 2 64 ) prechádzame všetky r j a ak pre DES rj -1 (C) = Y j nájdeme obsadenú pozíciu K[Y i ] v poli K, potom DES K[Yj] (M) = Y j = DES rj -1 (C) teda (K[Y i ], r j ) je vhodná dvojica kľúčov (k,r) počet všetkých dvojíc kľúčov je = a počet blokov len 2 64 teda dostaneme približne /2 64 vhodných riešení (UD H(K)/H P = log / log 2 64 = 1,75 ) potrebujeme aspoň jednu ďalšiu dvojicu (M, C ), na ktorej vyskúšame dvojicu kľúčov (K[Y i ], r j ) mali by sme dostať približne (2 112 /2 64 )(1/2 64 ) = 2-16 možností, teda ak DES K[Yj] (M ) = DES rj -1 (C ) bude pravdepodobnosť správneho riešenia vysoká ak DES K[Yj] (M ) DES rj -1 (C ) musíme pokračovať v prehľadávaní ďalších kľúčov r j počet použití DES je < = 2 57 potrebujeme tiež vhodne uložiť pole veľkosti 2 64 Zimný semester 2017 Blokové šifry 23
24 3DES a DESx 3DES C = DES k3 (DES 1 k2 (DES k1 M )) dešifrovanie M = DES 1 k1 DES k2 (DES 1 k3 (C)) 168 bitový kľúč, ale bezpečnosť len na úrovni (MITM) stačí k 1 a k 2 a C = DES k1 (DES 1 k2 (DES k1 M )) 112 bitový kľúč pre k 3 = k 2 = k 1, 3DES k1 k 2 k 3 = DES k1 (3DES funguje aj ako DES) DES-X (Rivest, Killian) C = k 3 DES k1 (Mk 2 ) M = k 2 DES 1 k1 (Ck 3 ) k 1 56 bitový a k 2, k 3 64 bitové spolu 184 bitový kľúč rýchlejší výpočet, bezpečnosť na úrovni key whitening Zimný semester 2017 Blokové šifry 24
25 DES lineárna a diferenciálna kryptoanalýza aproximácia S-boxov lineárnymi zobrazeniami (Matsui 1994) aspoň 2 43 párov PT,CT 10 dní z 2 43 párov je možné získať 26 bitov, ostatok hrubou silou diferenciálna kryptoanalýza - rozdiely medzi vstupmi a výstupmi (čo spôsobí zmena bitu vstupu na výstup) pre diferenciálnu kryptoanalýzu DES choosen PT aproximácia 13 rúnd + hrubá sila pomocou známych dvojíc PT/CT je možné dopočítať CT aj pre hľadaný PT (resp. naopak) Zimný semester 2017 Blokové šifry 25
26 IDEA International Data Encryption Algorithm (1991) náhrada za DES počas licenčných obmedzení pre otvorené riešenia (PGP,...) 64 bitový blok, 128 bitový kľúč 8 rúnd jednoduchých operácií (celočíselných 16-bitových) Lai-Massey schéma podobne ako eistel dešifruje sa šifrovacou funkciou s opačným poradím kľúčov Zimný semester 2017 Blokové šifry 26
27 Ďakujem za pozornosť. Zimný semester 2017 Blokové šifry 27
Cryptography Lecture 4 Block ciphers, DES, breaking DES
Cryptography Lecture 4 Block ciphers, DES, breaking DES Breaking a cipher Eavesdropper recieves n cryptograms created from n plaintexts in sequence, using the same key Redundancy exists in the messages
More informationKryptografické systémy
Kryptografické systémy autentifikácia doc. RNDr. Jozef Jirásek, PhD. Bc. Ján Kotrady 2017/2018 Zimný semester 2017 Autentifikácia 1 Identita Identita faktory, ktoré (podľa možnosti) jednoznačne identifikujú
More informationIng. Tomasz Kanik. doc. RNDr. Štefan Peško, CSc.
Ing. Tomasz Kanik Školiteľ: doc. RNDr. Štefan Peško, CSc. Pracovisko: Študijný program: KMMOA, FRI, ŽU 9.2.9 Aplikovaná informatika 1 identifikácia problémovej skupiny pacientov, zlepšenie kvality rozhodovacích
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University February 5 2018 Review Relation between PRF and PRG Construct PRF from
More informationIntroduction on Block cipher Yoyo Game Application on AES Conclusion. Yoyo Game with AES. Navid Ghaedi Bardeh. University of Bergen.
Yoyo Game with AES Navid Ghaedi Bardeh University of Bergen May 8, 2018 1 / 33 Outline 1 Introduction on Block cipher 2 Yoyo Game 3 Application on AES 4 Conclusion 2 / 33 Classical Model of Symmetric Cryptography
More informationUniversity of Regina Department of Mathematics & Statistics Final Examination (April 21, 2009)
Make sure that this examination has 10 numbered pages University of Regina Department of Mathematics & Statistics Final Examination 200910 (April 21, 2009) Mathematics 124 The Art and Science of Secret
More informationMATH3302 Cryptography Problem Set 2
MATH3302 Cryptography Problem Set 2 These questions are based on the material in Section 4: Shannon s Theory, Section 5: Modern Cryptography, Section 6: The Data Encryption Standard, Section 7: International
More informationSymmetric Cryptography
Symmetric Cryptography Stanislav Palúch Fakula riadenia a informatiky, Žilinská univerzita 25. októbra 2017 Stanislav Palúch, Fakula riadenia a informatiky, Žilinská univerzita Symmetric Cryptography 1/54
More informationAttacks on DES , K 2. ) L 3 = R 2 = L 1 f ( R 1, K 2 ) R 4 R 2. f (R 1 = L 1 ) = L 1. ) f ( R 3 , K 4. f (R 3 = L 3
Attacks on DES 1 Attacks on DES Differential cryptanalysis is an attack on DES that compares the differences (that is, XOR values between ciphertexts of certain chosen plaintexts to discover information
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationAkelarre. Akelarre 1
Akelarre Akelarre 1 Akelarre Block cipher Combines features of 2 strong ciphers o IDEA mixed mode arithmetic o RC5 keyed rotations Goal is a more efficient strong cipher Proposed in 1996, broken within
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationA Knapsack Cryptosystem Secure Against Attacks Using Basis Reduction and Integer Programming
A Knapsack Cryptosystem Secure Against Attacks Using Basis Reduction and Integer Programming Bala Krishnamoorthy William Webb Nathan Moyer Washington State University ISMP 2006 August 2, 2006 Public Key
More informationBLOCK CIPHERS KEY-RECOVERY SECURITY
BLOCK CIPHERS and KEY-RECOVERY SECURITY Mihir Bellare UCSD 1 Notation Mihir Bellare UCSD 2 Notation {0, 1} n is the set of n-bit strings and {0, 1} is the set of all strings of finite length. By ε we denote
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationTeória grafov. RNDr. Milan Stacho, PhD.
Teória grafov RNDr. Milan Stacho, PhD. Literatúra Plesník: Grafové algoritmy, Veda Bratislava 1983 Sedláček: Úvod do teórie grafů, Academia Praha 1981 Bosák: Grafy a ich aplikácie, Alfa Bratislava 1980
More informationModule 2 Advanced Symmetric Ciphers
Module 2 Advanced Symmetric Ciphers Dr. Natarajan Meghanathan Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu Data Encryption Standard (DES) The DES algorithm
More informationDan Boneh. Stream ciphers. The One Time Pad
Online Cryptography Course Stream ciphers The One Time Pad Symmetric Ciphers: definition Def: a cipher defined over is a pair of efficient algs (E, D) where E is often randomized. D is always deterministic.
More informationFinal Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.
Final Exam Math 10: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 0 April 2002 :0 11:00 a.m. Instructions: Please be as neat as possible (use a pencil), and show
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationBernoulli variables. Let X be a random variable such that. 1 with probability p X = 0 with probability q = 1 p
Unit 20 February 25, 2011 1 Bernoulli variables Let X be a random variable such that { 1 with probability p X = 0 with probability q = 1 p Such an X is called a Bernoulli random variable Unit 20 February
More informationPrivate-key Systems. Block ciphers. Stream ciphers
Chapter 2 Stream Ciphers Further Reading: [Sim92, Chapter 2] 21 Introduction Remember classication: Private-key Systems Block ciphers Stream ciphers Figure 21: Private-key cipher classication Block Cipher:
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationLecture Note 3 Date:
P.Lafourcade Lecture Note 3 Date: 28.09.2009 Security models 1st Semester 2007/2008 ROUAULT Boris GABIAM Amanda ARNEDO Pedro 1 Contents 1 Perfect Encryption 3 1.1 Notations....................................
More informationBiomedical Security. Overview 9/15/2017. Erwin M. Bakker
Biomedical Security Erwin M. Bakker Overview Cryptography: Algorithms Cryptography: Protocols Pretty Good Privacy (PGP) / B. Schneier Workshop Biomedical Security Biomedical Application Security (guest
More informationImplementation Tutorial on RSA
Implementation Tutorial on Maciek Adamczyk; m adamczyk@umail.ucsb.edu Marianne Magnussen; mariannemagnussen@umail.ucsb.edu Adamczyk and Magnussen Spring 2018 1 / 13 Overview Implementation Tutorial Introduction
More information18733: Applied Cryptography Anupam Datta (CMU) Block ciphers. Dan Boneh
18733: Applied Cryptography Anupam Datta (CMU) Block ciphers Online Cryptography Course What is a block cipher? Block ciphers: crypto work horse n bits PT Block n bits E, D CT Block Key k bits Canonical
More informationModified Hill Cipher with Interlacing and Iteration
Journal of Computer Science 3 (11): 854-859, 2007 ISSN 1549-3636 2007 Science Publications Modified Hill Cipher with Interlacing and Iteration 1 V.U.K. Sastry and 2 N. Ravi Shankar 1 Department of R and
More informationLecture Notes. Advanced Discrete Structures COT S
Lecture Notes Advanced Discrete Structures COT 4115.001 S15 2015-01-27 Recap ADFGX Cipher Block Cipher Modes of Operation Hill Cipher Inverting a Matrix (mod n) Encryption: Hill Cipher Example Multiple
More informationBreaking the FF3 Format Preserving Encryption
Breaking the 3 ormat Preserving Encryption. Betül Durak and Serge Vaudenay ÉCOLE POLYTECHNIQUE ÉDÉRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2017 breaking 3 ESC 17 1 / 23 1 ormat Preserving Encryption 2
More informationKryptológia - úvod. Úvod do informačnej bezpečnosti Michal Rjaško LS 2016/2017
Kryptológia - úvod Úvod do informačnej bezpečnosti Michal Rjaško LS 2016/2017 rjasko@dcs.fmph.uniba.sk Plán kurzu http://www.dcs.fmph.uniba.sk/~rjasko/uib2017.html Manažment informačnej bezpečnosti 1.
More informationMy brief introduction to cryptography
My brief introduction to cryptography David Thomson dthomson@math.carleton.ca Carleton University September 7, 2013 introduction to cryptography September 7, 2013 1 / 28 Outline 1 The general framework
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More information9 Knapsack Cryptography
9 Knapsack Cryptography In the past four weeks, we ve discussed public-key encryption systems that depend on various problems that we believe to be hard: prime factorization, the discrete logarithm, and
More informationShannon s Theory of Secrecy Systems
Shannon s Theory of Secrecy Systems See: C. E. Shannon, Communication Theory of Secrecy Systems, Bell Systems Technical Journal, Vol. 28, pp. 656 715, 1948. c Eli Biham - March 1, 2011 59 Shannon s Theory
More informationNumber Theory & Modern Cryptography
Number Theory & Modern Cryptography Week 12 Stallings: Ch 4, 8, 9, 10 CNT-4403: 2.April.2015 1 Introduction Increasing importance in cryptography Public Key Crypto and Signatures Concern operations on
More informationClassical Cryptography
Classical Cryptography CSG 252 Fall 2006 Riccardo Pucella Goals of Cryptography Alice wants to send message X to Bob Oscar is on the wire, listening to communications Alice and Bob share a key K Alice
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationTime-memory tradeoff attacks
Charles University in Prague Faculty of Matheatics and Physics BACHELOR THESIS Monika Seidlová Tie-eory tradeoff attacks Departent of Algebra Supervisor of the bachelor thesis: Study prograe: Specialization:
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 9: Encryption modes. AES
CS355: Cryptography Lecture 9: Encryption modes. AES Encryption modes: ECB } Message is broken into independent blocks of block_size bits; } Electronic Code Book (ECB): each block encrypted separately.
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationBlock Ciphers and Feistel cipher
introduction Lecture (07) Block Ciphers and cipher Dr. Ahmed M. ElShafee Modern block ciphers are widely used to provide encryption of quantities of information, and/or a cryptographic checksum to ensure
More informationProblem 1. k zero bits. n bits. Block Cipher. Block Cipher. Block Cipher. Block Cipher. removed
Problem 1 n bits k zero bits IV Block Block Block Block removed January 27, 2011 Practical Aspects of Modern Cryptography 2 Problem 1 IV Inverse Inverse Inverse Inverse Missing bits January 27, 2011 Practical
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Elliptic Curves An elliptic curve is a cubic equation of the form: y + axy + by = x 3 + cx + dx + e where a, b, c, d and e are real numbers. A special addition operation is
More informationEME : extending EME to handle arbitrary-length messages with associated data
EME : extending EME to handle arbitrary-length messages with associated data (Preliminiary Draft) Shai Halevi May 18, 2004 Abstract We describe a mode of oepration EME that turns a regular block cipher
More informationA Knapsack Cryptosystem Based on The Discrete Logarithm Problem
A Knapsack Cryptosystem Based on The Discrete Logarithm Problem By K.H. Rahouma Electrical Technology Department Technical College in Riyadh Riyadh, Kingdom of Saudi Arabia E-mail: kamel_rahouma@yahoo.com
More informationAll-Or-Nothing Transforms Using Quasigroups
All-Or-Nothing Transforms Using Quasigroups Stelios I Marnas, Lefteris Angelis, and George L Bleris Department of Informatics, Aristotle University 54124 Thessaloniki, Greece Email: {marnas,lef,bleris}@csdauthgr
More informationTopics. Probability Theory. Perfect Secrecy. Information Theory
Topics Probability Theory Perfect Secrecy Information Theory Some Terms (P,C,K,E,D) Computational Security Computational effort required to break cryptosystem Provable Security Relative to another, difficult
More informationBenny Pinkas Bar Ilan University
Winter School on Bar-Ilan University, Israel 30/1/2011-1/2/2011 Bar-Ilan University Benny Pinkas Bar Ilan University 1 Extending OT [IKNP] Is fully simulatable Depends on a non-standard security assumption
More informationLattices. A Lattice is a discrete subgroup of the additive group of n-dimensional space R n.
Lattices A Lattice is a discrete subgroup of the additive group of n-dimensional space R n. Lattices have many uses in cryptography. They may be used to define cryptosystems and to break other ciphers.
More informationBiomedical Security. Some Security News 9/17/2018. Erwin M. Bakker. Blockchains are not safe for voting (slashdot.org) : From: paragonie.
Biomedical Security Erwin M. Bakker Some Security News From: NYTimes Blockchains are not safe for voting (slashdot.org) : From Motherboard.vice.com ECDAA: Eliptic Curve Direct Anonymous Attestation for
More informationModified Hill Cipher for a Large Block of Plaintext with Interlacing and Iteration
Journal of Computer Science 4 (1): 15-20, 2008 ISSN 1549-3636 2008 Science Publications Modified Hill Cipher for a Large Block of Plaintext with Interlacing and Iteration V.U.K. Sastry and N. Ravi Shankar
More informationRSA RSA public key cryptosystem
RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.
More informationKapitola S5. Skrutkovica na rotačnej ploche
Kapitola S5 Skrutkovica na rotačnej ploche Nech je rotačná plocha určená osou rotácie o a meridiánom m. Skrutkový pohyb je pohyb zložený z rovnomerného rotačného pohybu okolo osi o a z rovnomerného translačného
More informationSimple Codes MTH 440
Simple Codes MTH 440 Not all codes are for the purpose of secrecy Morse Code ASCII Zip codes Area codes Library book codes Credit Cards ASCII Code Steganography: Hidden in plain sight (example from http://www.bbc.co.uk/news/10
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 10-1 Overview 1. How to exchange
More informationLecture 8 - Cryptography and Information Theory
Lecture 8 - Cryptography and Information Theory Jan Bouda FI MU April 22, 2010 Jan Bouda (FI MU) Lecture 8 - Cryptography and Information Theory April 22, 2010 1 / 25 Part I Cryptosystem Jan Bouda (FI
More information18733: Applied Cryptography Anupam Datta (CMU) Block ciphers. Dan Boneh
18733: Applied Cryptography Anupam Datta (CMU) Block ciphers Online Cryptography Course What is a block cipher? Block ciphers: crypto work horse n bits PT Block n bits E, D CT Block Key k bits Canonical
More information5.4 ElGamal - definition
5.4 ElGamal - definition In this section we define the ElGamal encryption scheme. Next to RSA it is the most important asymmetric encryption scheme. Recall that for a cyclic group G, an element g G is
More informationSymmetric Cryptanalytic Techniques. Sean Murphy ショーン マーフィー Royal Holloway
Symmetric Cryptanalytic Techniques Sean Murphy ショーン マーフィー Royal Holloway Block Ciphers Encrypt blocks of data using a key Iterative process ( rounds ) Modified by Modes of Operation Data Encryption Standard
More informationSecurity and Cryptography 1
Security and Cryptography 1 Module 5: Pseudo Random Permutations and Block Ciphers Disclaimer: large parts from Mark Manulis and Dan Boneh Dresden, WS 18 Reprise from the last modules You know CIA, perfect
More informationLecture 12: Block ciphers
Lecture 12: Block ciphers Thomas Johansson T. Johansson (Lund University) 1 / 19 Block ciphers A block cipher encrypts a block of plaintext bits x to a block of ciphertext bits y. The transformation is
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design: Secret Key Systems Encrypting a small block of text (say 64 bits) General considerations
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationPublic Key Encryption
Public Key Encryption 3/13/2012 Cryptography 1 Facts About Numbers Prime number p: p is an integer p 2 The only divisors of p are 1 and p s 2, 7, 19 are primes -3, 0, 1, 6 are not primes Prime decomposition
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationStatistical and Algebraic Properties of DES
Statistical and Algebraic Properties of DES Stian Fauskanger 1 and Igor Semaev 2 1 Norwegian Defence Research Establishment (FFI), PB 25, 2027 Kjeller, Norway 2 Department of Informatics, University of
More informationSide-channel analysis in code-based cryptography
1 Side-channel analysis in code-based cryptography Tania RICHMOND IMATH Laboratory University of Toulon SoSySec Seminar Rennes, April 5, 2017 Outline McEliece cryptosystem Timing Attack Power consumption
More informationConcurrent Error Detection in S-boxes 1
International Journal of Computer Science & Applications Vol. 4, No. 1, pp. 27 32 2007 Technomathematics Research Foundation Concurrent Error Detection in S-boxes 1 Ewa Idzikowska, Krzysztof Bucholc Poznan
More informationDifferential Fault Analysis on DES Middle Rounds
Differential Fault Analysis on DES Middle Rounds Matthieu Rivain Speaker: Christophe Giraud Oberthur Technologies Agenda 1 Introduction Data Encryption Standard DFA on DES Last & Middle Rounds 2 Our Attack
More informationSolution to Midterm Examination
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Handout #13 Xueyuan Su November 4, 2008 Instructions: Solution to Midterm Examination This is a closed book
More informationCryptography and Security Midterm Exam
Cryptography and Security Midterm Exam Serge Vaudenay 23.11.2017 duration: 1h45 no documents allowed, except one 2-sided sheet of handwritten notes a pocket calculator is allowed communication devices
More informationProFIIT 2018 Vysvetlenia riešení problémov
ProFIIT 2018 Vysvetlenia riešení problémov Peter Trebatický et al. 7.4.2018 Peter Trebatický et al. ProFIIT 2018 7.4.2018 1 / 41 1 Poradie Peter Trebatický 2 Heslá Michal Maňak 3 3 3 Peter Kmec 4 Logy
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationRainbow Tables ENEE 457/CMSC 498E
Rainbow Tables ENEE 457/CMSC 498E How are Passwords Stored? Option 1: Store all passwords in a table in the clear. Problem: If Server is compromised then all passwords are leaked. Option 2: Store only
More informationTHEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER. A. A. Zadeh and Howard M. Heys
THEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER A. A. Zadeh and Howard M. Heys Electrical and Computer Engineering Faculty of Engineering and Applied Science Memorial University of Newfoundland
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationAlgebraic Aspects of Symmetric-key Cryptography
Algebraic Aspects of Symmetric-key Cryptography Carlos Cid (carlos.cid@rhul.ac.uk) Information Security Group Royal Holloway, University of London 04.May.2007 ECRYPT Summer School 1 Algebraic Techniques
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationRSA: Genesis, Security, Implementation & Key Generation
ECE 646 Lecture 8 RSA: Genesis, Security, Implementation & Key Generation Public Key (Asymmetric) Cryptosystems Public key of Bob - K B Private key of Bob - k B Network Alice Encryption Decryption Bob
More informationECE 646 Lecture 8. RSA: Genesis, Security, Implementation & Key Generation
ECE 646 Lecture 8 RSA: Genesis, Security, Implementation & Key Generation Public Key (Asymmetric) Cryptosystems Public key of Bob - K B Private key of Bob - k B Network Alice Encryption Decryption Bob
More informationCBEAM: Ecient Authenticated Encryption from Feebly One-Way φ Functions
CBEAM: Ecient Authenticated Encryption from Feebly One-Way φ Functions Author: Markku-Juhani O. Saarinen Presented by: Jean-Philippe Aumasson CT-RSA '14, San Francisco, USA 26 February 2014 1 / 19 Sponge
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013
RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime
More informationSimilarities between encryption and decryption: how far can we go?
Similarities between encryption and decryption: how far can we go? Anne Canteaut Inria, France and DTU, Denmark Anne.Canteaut@inria.fr http://www-rocq.inria.fr/secret/anne.canteaut/ SAC 2013 based on a
More informationLecture 5, CPA Secure Encryption from PRFs
CS 4501-6501 Topics in Cryptography 16 Feb 2018 Lecture 5, CPA Secure Encryption from PRFs Lecturer: Mohammad Mahmoody Scribe: J. Fu, D. Anderson, W. Chao, and Y. Yu 1 Review Ralling: CPA Security and
More informationToward Secure Implementation of McEliece Decryption
Toward Secure Implementation of McEliece Decryption Mariya Georgieva & Frédéric de Portzamparc Gemalto & LIP6, 13/04/2015 1 MCELIECE PUBLIC-KEY ENCRYPTION 2 DECRYPTION ORACLE TIMING ATTACKS 3 EXTENDED
More informationFFT-Based Key Recovery for the Integral Attack
FFT-Based Key Recovery for the Integral Attack Yosuke Todo NTT Secure Platform Laboratories Abstract. The integral attack is one of the most powerful attack against block ciphers. In this paper, we propose
More informationComputer Science A Cryptography and Data Security. Claude Crépeau
Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 08 Shannon s Theory (Contd.)
More informationOd zmiešavacieho kalorimetra k ultra citlivej modulovanej kalorimetrii. Jozef Kačmarčík
Od zmiešavacieho kalorimetra k ultra citlivej modulovanej kalorimetrii CENTRUM FYZIKY VEĽMI NÍZKYCH TEPLÔT Ústavu experimentálnej fyziky SAV a Univerzity P.J.Šafárika Centrum excelentnosti SAV Jozef Kačmarčík
More informationENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange
ENEE 457: Computer Systems Security 10/3/16 Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More informationA Large Block Cipher using an Iterative Method and the Modular Arithmetic Inverse of a key Matrix
A Large Block Cipher using an Iterative Method and the Modular Arithmetic Inverse of a key Matrix S. Udaya Kumar V. U. K. Sastry A. Vinaya babu Abstract In this paper, we have developed a block cipher
More informationTECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Friday 25 January 2019
Faculty of Mathematics and Computer Science Exam Cryptology, Friday 25 January 2019 Name : TU/e student number : Exercise 1 2 3 4 5 total points Notes: Please hand in all sheets at the end of the exam.
More informationElliptic Curve Cryptography and Security of Embedded Devices
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Mathématiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More information