Goals of Cryptography. Definition of a Cryptosystem. Security Kerckhoff's Requirements


Transcription:

Chapter 2: Security Techniques Background
- Secret Key Cryptography
- Public Key Cryptography
- Hash Functions
- Authentication
Chapter 3: Security on Network and Transport Layer
Chapter 4: Security on the Application Layer
Chapter 5: Security Concepts for Networks

Secret Key Cryptography: Cryptosystems, Historical approaches, Stream Ciphers, Block ciphers

Goals of Cryptography

1. Secrecy of data and messages: only authorized people should be able to read the data.
2. Authentication of participants and messages: is a user really the one he pretends to be?
3. Anonymity of participants: anonymity of sender and/or receiver for third parties.

Fundamental terms:
- A(lice): Sender of a message
- B(ob): Recipient of a message
- O(scar): Opponent, attacker on a message

Definition of a Cryptosystem

A cryptosystem is a five-tuple $(P, C, K, E, D)$, where the following conditions are satisfied:
- $P$ is a finite set of possible plaintexts
- $C$ is a finite set of possible cipher texts
- $K$, the key space, is a finite set of possible keys
- For each $k \in K$, there is an encryption rule $e_k \in E$ and a corresponding decryption rule $d_k \in D$
- Each $e_k: P \to C$ and $d_k: C \to P$ are functions such that $d_k(e_k(x)) = x$ for every plaintext $x \in P$

The last-mentioned property is the main property: if a plaintext $x$ is encrypted using $e_k$ and the resulting cipher text is subsequently decrypted using $d_k$, then the original plaintext $x$ results.

Security: Kerckhoff's Requirements

A cryptosystem is called breakable if a third party is able to recover the plaintext from a given cipher text without knowledge of the key.

A set of general cryptosystem requirements is given by Kerckhoff's requirements (1883):
- The system should be, if not theoretically unbreakable, unbreakable in practice (time and effort, cost, ...)
- Compromise of the system details should not inconvenience the correspondents
- The key should be rememberable without notes, and easily changed
- The cryptogram should be transmissible by telegraph
- The encryption apparatus should be portable and operable by a single person
- The system should be easy, requiring neither the knowledge of a long list of rules, nor mental strain

Classification of Attackers

1. Cipher text-only: Oscar possesses a string $y$ of the cipher text.
2. Known plaintext: Oscar possesses a string $x$ of the plaintext and the corresponding cipher text $y$. The problem now is to find out the key which produces $y$ for $x$.
3. Chosen plaintext: Oscar has access to the encryption machinery. Hence he can choose a plaintext string $x$ and construct the corresponding cipher text string $y$.
4. Chosen cipher text: Oscar has access to the decryption machinery. Hence he can choose a cipher text string $y$ and construct the corresponding plaintext string $x$.

Cryptosystems are classified regarding the protection against attackers of these classes: is the minimum requirement on a modern cryptosystem; 3 and 4 are hard tests on a modern cryptosystem.

Historical Cryptosystems

Monoalphabetic cipher: each alphabetic character is mapped onto a unique alphabetic character. Examples: Shift Cipher, Substitution Cipher, Affine Cipher.

Polyalphabetic cipher: each alphabetic character is mapped onto various alphabetic characters. Examples: Vigenere Cipher, Hill Cipher, Permutation Cipher.

Shift Cipher

Idea: map each character $x$ on that character which follows $x$ by a given number $k$ of positions.

Let $P = C = K = Z_n = \{0, 1, \dots, n-1\}$. For $k \in K$, define
$e_k(x) = x + k \bmod n$ and $d_k(y) = y - k \bmod n$, where $x, y \in Z_n$.

Example: n = 26, k = 3. Encrypt: hello (7,4,11,11,14) to KHOOR (10,7,14,14,17).

This special cipher (k = 3) is called Caesar Cipher, because it is said that Julius Caesar used it.

Substitution Cipher

Idea: use a permutation over the set of characters as key to get a more flexible scheme than in the shift cipher.

Let $P = C = Z_n$, $K = S(Z_n)$ (set of permutations over $Z_n$). For each permutation $p \in K$, define
$e_p(x) = p(x)$ and $d_p(y) = p^{-1}(y)$, where $p^{-1}$ is the inverse permutation to $p$ and $x, y \in Z_n$.

Example: n = 26, p:

plaintext:   a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher text: F G N E A T X Z O I Q B H K Y W V C P J L S D M U R

computerscience -> NYHWLJACPNOAKNA

Affine Cipher

Idea: combination of a shift cipher and a special permutation, made by a multiplication with a constant relatively prime to $n$.

Let $P = C = Z_n$ and $K = \{(a, b) \in Z_n \times Z_n : \gcd(a, n) = 1\}$. For $k = (a, b) \in K$, define
$y = e_k(x) = ax + b \bmod n$ and $x = d_k(y) = a^{-1}(y - b) \bmod n$, where $x, y \in Z_n$.

Example: n = 26, k = (7, 15). hello (7,4,11,11,14) -> MROOJ (12,17,14,14,9)

7 · 7 + 15 mod 26 = 64 mod 26 = 12
4 · 7 + 15 mod 26 = 43 mod 26 = 17
11 · 7 + 15 mod 26 = 92 mod 26 = 14
14 · 7 + 15 mod 26 = 113 mod 26 = 9

Vigenere Cipher

Idea: usage of several keys to encrypt blocks of characters. Thus, the same character of plaintext is mapped onto several characters in cipher text.

Let $m$ be a positive integer, $P = C = K = (Z_n)^m$. For a key $k = (k_1, k_2, \dots, k_m)$, define
$e_k(x_1, \dots, x_m) = (x_1 + k_1, \dots, x_m + k_m)$ and $d_k(y_1, \dots, y_m) = (y_1 - k_1, \dots, y_m - k_m)$, where all operations are performed in $Z_n$.

Example: n = 26, m = 5, k = (7,4,11,11,14) (Keyword: hello)

Plaintext: chine sepeo ple = (2,7,8,13,4); (18,4,15,4,14); (15,11,4)

Adding:
Plaintext:   2  7  8 13  4 | 18  4 15  4 14 | 15 11  4
Key:         7  4 11 11 14 |  7  4 11 11 14 |  7  4 11
Sum mod 26:  9 11 19 24 18 | 25  8  0 15  2 | 22 15 15

Ciphertext: JLTYS ZIAPC WPP

Hill Cipher

Idea: usage of several keys to encrypt blocks of characters. Instead of using a vector of keys, construct a matrix with certain properties.

Let $m$ be a positive integer, $K = \{m \times m \text{ invertible matrices over } Z_n\} = \{A \in Z_n^{m \times m} \mid \gcd(\det(A), n) = 1\}$, $P = C = (Z_n)^m$. For a key $k \in K$, we define
$e_k(x) = xk \bmod n$ and $d_k(y) = yk^{-1} \bmod n$, where $x, y \in (Z_n)^m$.

Example: n = 37, m = 2, P = C = {0,...,9,_,a,...,z}, plaintext: good = (17,25,25,14),

$k = \begin{pmatrix} 3 & 13 \\ 22 & 15 \end{pmatrix}$

$(17, 25) \begin{pmatrix} 3 & 13 \\ 22 & 15 \end{pmatrix} = (9, 4)$

$(25, 14) \begin{pmatrix} 3 & 13 \\ 22 & 15 \end{pmatrix} = (13, 17)$

Cipher text: 94CG

Permutation Cipher

Idea: use a permutation, but do not permute the characters, but their position.

Let $m$ be a positive integer, $P = C = (Z_n)^m$, $K = S(\{1, \dots, m\})$. For a key (a permutation) $p \in K$, we define
$e_p(x_1, \dots, x_m) = (x_{p(1)}, \dots, x_{p(m)})$ and $d_p(y_1, \dots, y_m) = (y_{s(1)}, \dots, y_{s(m)})$, where $s = p^{-1}$ is the inverse permutation of $p$.

Example: n = 37, P = C = {0,...,9,_,a,...,z}, m = 5
Plaintext: [she_i s_bea utifu l]
Key = (,4,,5,3)
Cipher text: [_EISH EBAS_ FIUUT L_]

Breaking Monoalphabetic Ciphers

Monoalphabetic ciphers preserve the frequency of alphabetic characters, pairs, etc. Identify alphabetic characters due to their frequency.

Method to decipher natural languages:
1. Determine the frequency of alphabetic characters of the cipher text. Identify alphabetic characters according to their frequency: e, n, i, s, r, a, t (in Germany: e, n, r, i, s, t, u, d, a, g, l, o, ...)
2. Determine the frequency of pairs. Identify e.g. "er" to distinguish between "er" and "es".
3. Look at identified text, resubstitute, guess, ...

Solution: extension of alphabet, e.g. Data Encryption Standard (DES): 64 characters

Statistical Characteristics of English Language

letter       a     b     c     d     e     f     g     h     i     j     k     l     m
probability  .082  .015  .028  .043  .127  .022  .020  .061  .070  .002  .008  .040  .024

letter       n     o     p     q     r     s     t     u     v     w     x     y     z
probability  .067  .075  .019  .001  .060  .063  .091  .028  .010  .023  .001  .020  .001

Partition into five groups:
1. E, having probability about 0.120
2. T, A, O, I, N, S, H, R, each having probabilities between 0.06 and 0.09
3. D, L, each having probabilities around 0.04
4. C, U, M, W, F, G, Y, P, B, each having probabilities between 0.015 and 0.028
5. V, K, J, X, Q, Z, each having probabilities less than 0.01

Digram frequencies:

th .0315   he .0251   an .0172
in .0169   er .0154   re .0148

Example: Cipher Text from Affine Cipher

Cipher text: FMXVEDKAPHFERBNDKRXRSREFMORUDSDKDVSHVUFEDKAPRKDLYEVLRHHRH

letter     a  b  c  d  e  f  g  h  i  j  k  l  m
frequency  2  1  0  7  5  4  0  5  0  0  5  2  2

letter     n  o  p  q  r  s  t  u  v  w  x  y  z
frequency  1  1  2  0  8  3  0  2  4  0  2  1  0

Guess: R (8 occurrences) is encryption of e, D (7 occurrences) is encryption of t:
$e_k(4) = 17$, $e_k(19) = 3$
$4a + b = 17$, $19a + b = 3$
$a = 6$, $b = 19$

Since $\gcd(6, 26) = 2$, this is not a legal affine key, so another cipher text letter has to be tried as the encryption of t. The decryption rule below corresponds to the key $(a, b) = (3, 5)$.

$d_k(y) = 9y - 19$

Plaintext: algorithmsarequitegeneraldefinitionsofarithmeticprocesses

Secrecy of Cryptosystems: Entropy

Entropy: mathematical measure of information or uncertainty. An event occurring with probability $p$ might be encoded by a bit string of approximate length $-\log_c p$.

Let $X$ be a random variable which takes on a finite set of values $\{x_1, \dots, x_m\}$, with the distribution of $X$ given by $P(X = x_j) = p_j$ for $j = 1, \dots, m$, and a constant $c > 1$.

Entropy of $X$: $H(X) = -\sum_{j=1}^{m} p_j \log_c p_j$

Remark: $c$ characterises the number of values for elements to be encoded. Normal case: $c = 2$, i.e. $x \in \{0, 1\}$.

Example: let $c = 2$, $m = 8$, $p_1 = \dots = p_8 = 0.125$.
$H(X) = -8 \cdot (0.125 \cdot \log_2 0.125) = -\log_2 0.125 = 3$
You need 3 binary values to encode (identify) one of the 8 characters.
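The affine-cipher key recovery described above, as an added Python example (not part of the original slides). It counts letter frequencies in the page's cipher text, guesses that the most frequent letter encrypts e and successive runners-up encrypt t, and rejects every guess whose a is not invertible mod 26; the function names are assumptions made for this sketch.

```python
from collections import Counter
from math import gcd

N = 26
A_ORD = ord("a")

# Cipher text from the affine-cipher example on this page.
CIPHERTEXT = "FMXVEDKAPHFERBNDKRXRSREFMORUDSDKDVSHVUFEDKAPRKDLYEVLRHHRH"


def inverse_mod(a, n=N):
    """Return a^-1 mod n, or None when gcd(a, n) != 1."""
    if gcd(a, n) != 1:
        return None
    return next(x for x in range(1, n) if (a * x) % n == 1)


def solve_key(p1, c1, p2, c2):
    """Solve c = a*p + b (mod 26) from two guessed plaintext/cipher pairs.

    Returns (a, b) for a legal key, or (a, None) when gcd(a, 26) != 1,
    so the caller can see why the guess was rejected.
    """
    x1, x2 = ord(p1) - A_ORD, ord(p2) - A_ORD
    y1, y2 = ord(c1.lower()) - A_ORD, ord(c2.lower()) - A_ORD
    dx_inv = inverse_mod((x1 - x2) % N)
    if dx_inv is None:
        raise ValueError("the two plaintext letters do not determine a")
    a = ((y1 - y2) * dx_inv) % N
    if gcd(a, N) != 1:
        return a, None
    return a, (y1 - a * x1) % N


def decrypt(ciphertext, a, b):
    """Apply d_k(y) = a^-1 * (y - b) mod 26 to every letter."""
    a_inv = inverse_mod(a)
    return "".join(
        chr((a_inv * (ord(ch.lower()) - A_ORD - b)) % N + A_ORD)
        for ch in ciphertext
    )


def recover_key(ciphertext, tries=5):
    """Return (key, rejected): the first legal key and the failed guesses.

    The most frequent cipher letter is taken as 'e'; the next `tries`
    letters (ties broken alphabetically) are tried in turn as 't'.
    A legal key is only a candidate: the analyst still has to check
    that the decryption is readable text.
    """
    counts = Counter(ciphertext)
    ranked = sorted(counts, key=lambda ch: (-counts[ch], ch))
    e_guess = ranked[0]
    rejected = []
    for t_guess in ranked[1:1 + tries]:
        a, b = solve_key("e", e_guess, "t", t_guess)
        if b is None:
            rejected.append((t_guess, a))  # a shares a factor with 26
            continue
        return (a, b), rejected
    return None, rejected


if __name__ == "__main__":
    key, rejected = recover_key(CIPHERTEXT)
    print("rejected guesses for t:", rejected)
    print("key:", key, "plaintext:", decrypt(CIPHERTEXT, *key))
```

The guess D for t is rejected first, which is the a = 6 case worked on the slide.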

Perfect Security

A cryptosystem has perfect security if the probability for the plaintext to be $x$ is independent of having observed the ciphered text to be $y$.

Let $(P, C, K, E, D)$ be a cryptosystem, $P = \{x_1, \dots, x_m\}$, $K = \{k_1, \dots, k_l\}$, $C = \{y_1, \dots, y_n\}$.
- $P: (\Omega, A, P) \to P$ random variable, $P(P = x_i) = p_i$
- $K: (\Omega, A, P) \to K$ random variable, $P(K = k_j) = q_j$

The distribution of $C = e(M, K)$ is defined as
$P(C = y) = r = \sum_{i,j:\ e(x_i, k_j) = y} p_i q_j$

Definition: A cryptosystem $(P, C, K, E, D)$ has perfect security if $H(M \mid C) = H(M)$.

Perfect Security Properties

Let $(P, C, K, E, D)$ be a cryptosystem with
- $P(P = x) > 0$ for all $x \in P$,
- $P(K = k) > 0$ for all $k \in K$,
- $C = \{e(x, k) \mid x \in P, k \in K\}$,
- $|P| = |K|$.

Then: $(P, C, K, E, D)$ has perfect security if
- $P(K = k) = 1/|K|$ for all $k \in K$, and
- for all $x \in P$, $y \in C$ there exists exactly one $k \in K$ with $e(x, k) = y$.

Example: let $M = K = C = \{A, \dots, Z\}$, define $e_k(x) = x + k \bmod 26$, $d_k(y) = y - k \bmod 26$. If $P(K = k) = 1/|K|$ then the cryptosystem has perfect security (for exactly one letter).

Stream Ciphers

Advanced ciphering method: stream ciphers.
- Stream ciphers encrypt a data stream as it comes in
- Key is as long as the data stream
- Example: the Red Telephone between Moscow and Washington is secured with a stream cipher

Practical methods:
- Synchronous stream cipher
- Self-synchronising stream cipher
- Linear Feedback Shift Registers

Structure of Stream Ciphers

Idea: convert a stream of plain text into a stream of cipher text by combining it with a keystream as long as the plain text.

Problem: how to produce keystreams?

[Figure: structure of a stream cipher: key k, initial state, internal state, next state function, output function, keystream, plaintext, cipher text c_i]

- Define the initial state for the keystream
- Define the 'next state' function: combine the current keystream element with the key $k$ and previous cipher text characters
- The output function can further modify the internal state
- Encrypt each character of plaintext with a character of the keystream, e.g. by XOR ($\oplus$)
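The definition $H(M \mid C) = H(M)$ checked numerically for the one-letter shift cipher of the example above, as an added Python sketch (not from the original slides). The plaintext distribution and the restricted key space are constructed for illustration; with a uniform key over all 26 shifts nothing leaks, with a key drawn from only 13 shifts the cipher text reveals information about the plaintext.

```python
from collections import defaultdict
from math import log2

N = 26

# Constructed, deliberately skewed plaintext distribution over one letter:
# e (4), t (19), a (0). Any distribution with positive entries works.
PLAINTEXT_DIST = {4: 0.5, 19: 0.3, 0: 0.2}


def entropy(dist):
    """H(X) = -sum p log2 p over the support of the distribution."""
    return -sum(p * log2(p) for p in dist.values() if p > 0)


def uniform_key(size=N):
    """Key uniformly distributed over the shifts 0 .. size-1."""
    return {k: 1.0 / size for k in range(size)}


def conditional_entropy(p_plain, p_key):
    """H(P | C) for e_k(x) = x + k mod 26 with independent P and K."""
    joint = defaultdict(float)     # (x, y) -> P(P = x, C = y)
    p_cipher = defaultdict(float)  # y -> P(C = y)
    for x, px in p_plain.items():
        for k, qk in p_key.items():
            y = (x + k) % N
            joint[(x, y)] += px * qk
            p_cipher[y] += px * qk
    # H(P | C) = -sum_{x,y} P(x, y) * log2 P(x | y)
    return -sum(
        pxy * log2(pxy / p_cipher[y])
        for (x, y), pxy in joint.items()
        if pxy > 0
    )


def leakage(p_plain, p_key):
    """Bits of plaintext information revealed by the cipher text:
    H(P) - H(P | C). Zero means perfect security for one letter."""
    return entropy(p_plain) - conditional_entropy(p_plain, p_key)


if __name__ == "__main__":
    print("H(P)                  =", round(entropy(PLAINTEXT_DIST), 4))
    print("leak, 26 uniform keys =", round(leakage(PLAINTEXT_DIST, uniform_key()), 4))
    print("leak, 13 uniform keys =", round(leakage(PLAINTEXT_DIST, uniform_key(13)), 4))
```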

Definition of Stream Ciphers

A Stream Cipher is a tuple $(P, C, K, L, F, E, D)$, where the following conditions are satisfied:
- $P$ is a finite set of possible plaintexts
- $C$ is a finite set of possible cipher texts
- $K$, the keyspace, is a finite set of possible keys
- $L$ is a finite set called the keystream alphabet
- $F = (f_1, f_2, \dots)$ is the keystream generator. For $i \ge 1$, $f_i : K \times P^{i-1} \to L$
- For each $z \in L$, there is an encryption rule $e_z \in E$ and a corresponding decryption rule $d_z \in D$. $e_z : P \to C$ and $d_z : C \to P$ are functions such that $d_z(e_z(x)) = x$ for every plaintext $x \in P$

Autokey Cipher (Simplest Stream Cipher)

Idea: use key $k$ as initial state for the first character. For each following character, use the previous one for encryption. Encryption is made like in the shift cipher.

Let $P = C = K = L = Z_n$, $z_1 = k$, $z_{i+1} = x_i$. For $0 \le z < n$ define
$e_z(x) = x + z \bmod n$ and $d_z(y) = y - z \bmod n$, where $x, y \in Z_n$.

Principle:
plaintext stream:  x_1 x_2 x_3 ... x_r
encoding:          + k x_1 x_2 ... x_{r-1}
cipher stream:     c_1 c_2 c_3 ... c_r
decoding:          - k x_1 x_2 ... x_{r-1}
receiver gets:     x_1 x_2 x_3 ... x_r

Example: n = 26, k = 14, plaintext thisisinsecure
As stream of integers: 19 7 8 18 8 18 8 13 18 4 2 20 17 4
Keystream:             14 19 7 8 18 8 18 8 13 18 4 2 20 17
Cipher text:           7 0 15 0 0 0 0 21 5 22 6 22 11 21
HAPAAAAVFWGWBV

Vernam Cipher

Idea: use a special case of the Vigenere Cipher. Choose a vector of keys as long as the plaintext. In the ideal case, the key is a randomly generated stream.

Let $P = C = K = L = Z_n$. For each $z \in L$, $0 \le z < n$: $p(z_i = z) = 1/n$; define
$e_z(x) = x + z \bmod n$ and $d_z(y) = y - z \bmod n$, where $x, y \in Z_n$.

Example: n =
Plaintext: 00000000000
Key: 00000000000
Cipher Text: 00000000000000

Security Problems of Vernam Cipher

Problem: if the same key is used twice, the Vernam Cipher is insecure.

Let $x_1 = (m_1, \dots, m_s)$, $x_2 = (n_1, \dots, n_s)$, $k = (z_1, \dots, z_s)$,
$y_1 = (c_1, \dots, c_s) = (m_1 + z_1, \dots, m_s + z_s)$,
$y_2 = (d_1, \dots, d_s) = (n_1 + z_1, \dots, n_s + z_s)$.

Then for all $i = 1, \dots, s$:
$(c_i - d_i) \bmod 26 = ((m_i + z_i) \bmod 26 - (n_i + z_i) \bmod 26) = (m_i - n_i) \bmod 26$

Decrypt $x_1$ and $x_2$ at the same time by using differences of common letters.

Solution: One-time Pad, i.e. any key is used only once.

Problem: Key Distribution

The One-time Pad is perfectly secure. But how can the randomly chosen key be communicated to the receiver?

New problem: transport of the key is as difficult as the transport of the message!

Solution: usage of pseudo-random generators.
- Best known: $x_0$ is the starting value, $x_{i+1} = a x_i + b \bmod m$, for $a$, $b$, $m$ suitably chosen. Looks random, but is absolutely not random if $x_0$ is known.
- Synchronous stream cipher
- Self-synchronising stream cipher
- Linear feedback shift register

But: these systems are no longer perfectly secure!

Synchronous Stream Cipher

Characteristics:
- The keystream is generated independently from the cipher stream
- Key $k$ is expanded into a keystream $z_1 z_2 z_3 \dots$

[Figure: synchronous stream cipher: key k, internal state, next state function, output function, keystream, plaintext, cipher text c_i]

- The keystream generators on sender and receiver side must be synchronised: if one bit is lost, on the receiver side all following bits are decrypted incorrectly
- No propagation of transmission errors: only the garbled bit is decrypted incorrectly
- Protection against insertion and deletion in the cipher text, because these would cause a loss of synchronisation

Generating a Keystream for Synchronous Stream Ciphers

Simple examples for keystream ciphers are:
- Shift Cipher: use a constant keystream with $z_1 = z_2 = z_3 = \dots$
- Vigenere Cipher: for $k = (k_1, \dots, k_m)$ repeat the key elements with period $m$: $z_{i+m} = z_i$; $k$ is the start vector

But: practical keystreams must have a long period.
- Use the Vigenere Cipher with $k = (k_1, \dots, k_m)$
- The keystream could be generated by $z_{i+m} = z_i + z_{i+1} \bmod n$

Example: m = 4, n = 2, k = (1, 0, 0, 0). With $z_{i+4} = z_i + z_{i+1} \bmod 2$ generate the keystream: 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, ...

Self-Synchronising Stream Ciphers

Characteristics:
- Each keystream bit is a function of the previous $n$ cipher text bits
- The key $k$ further modifies the output of the keystream generator

[Figure: self-synchronising stream cipher: key k, initial state, internal state, next state function, output function, keystream, plaintext, cipher text c_i]

- Usage of an $n$-bit header, randomly generated; after this header, both keystream generators are synchronised
- The decryption keystream generator automatically synchronises with the encryption keystream generator
- Error propagation: for each cipher text bit garbled, the decryption keystream generator produces $n$ incorrect keystream bits

Linear Feedback Shift Registers (LFSR)

Idea: generate the keystream by use of shift registers of length $m$. As initial state, use a key $k = (k_1, \dots, k_m)$. Simplest example: Autokey Cipher for $m = 1$.

Generation of the keystream in three stages:
1. $k_1$ is used as the next keystream bit
2. $k_2, \dots, k_m$ are shifted one stage to the left
3. Compute the new value of $k_m$ by a 'linear feedback': $k_m = \sum_{j=0}^{m-1} a_j k_{j+1}$

The values $a_j \in \{0, 1\}$ are coefficients which determine which $k_j$ are to be considered for computing $k_m$.

Shift Register for Keystream Generation

Example: m = 4

[Figure: shift register k_1 k_2 k_3 k_4 with feedback adder; k_1 is the actual keystream bit]

For achieving a long period: see the LFSR as a polynomial. The degree of the polynomial is the length of the shift register:
$k_4 x^4 + k_3 x^3 + k_2 x^2 + k_1 x + 1$

For a maximal-period LFSR, the polynomial formed by the shift register plus the constant 1 must be a primitive polynomial mod 2.

Primitive polynomial of degree $n$: irreducible polynomial that divides $x^{2^n - 1} + 1$, but not $x^d + 1$ for any $d$ that divides $2^n - 1$.

Combine several shift registers for longer periods. Examples: Geffe Generator, Alternating Stop-and-Go Generator.

Geffe Generator

Characteristics:
- Keystream generator using 3 LFSRs, combined in a non-linear manner
- Two LFSRs are input to a multiplexer
- One LFSR controls the output
- If $a_1, a_2, a_3$ are the outputs of the LFSRs, the overall output is $b = (a_1 \wedge a_2) \oplus ((\neg a_1) \wedge a_3)$

[Figure: Geffe generator: LFSR2 and LFSR3 feed a multiplexer selected by LFSR1; output b]

- Linear complexity: if the LFSRs have the lengths $n_1, n_2, n_3$, the linear complexity of the generator is $(n_1 + 1) n_2 + n_1 n_3$ (the '+1' comes from the negation operation)
- Cryptographically weak, falls to a correlation attack: the output $b$ equals the output of LFSR2 and of LFSR3 75% of the time

Alternating Stop-and-Go Generator

Characteristics:
- Keystream generator using 3 LFSRs of different length
- LFSR2 is clocked when the output of LFSR1 is 1
- LFSR3 is clocked when the output of LFSR1 is 0
- The output is an XOR of LFSR2 and LFSR3

[Figure: alternating stop-and-go generator: clock, LFSR1, LFSR2, LFSR3, output b]

- Long period and large linear complexity
- A correlation attack against LFSR1 is possible, but it does not substantially weaken the generator
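The keystream recurrence $z_{i+4} = z_i + z_{i+1} \bmod 2$ from the synchronous-stream-cipher example and the LFSR and Geffe slides above, as one added Python example (not from the original slides). It reproduces the 15-bit keystream for k = (1, 0, 0, 0), measures the period for a primitive and a non-primitive feedback polynomial, and derives the 75% agreement of the Geffe output from its truth table; the tap-list representation and function names are assumptions of this sketch.

```python
from itertools import product


def step(taps, reg):
    """One clock: shift left, append feedback z_{i+m} = sum_j z_{i+j} mod 2."""
    fb = 0
    for j in taps:
        fb ^= reg[j]
    return reg[1:] + [fb]


def lfsr_keystream(taps, state, count):
    """Return `count` keystream bits; state = (z_1, ..., z_m)."""
    reg = list(state)
    out = []
    for _ in range(count):
        out.append(reg[0])  # stage 1 of the slide: k_1 is the output bit
        reg = step(taps, reg)
    return out


def period(taps, state):
    """Clocks until the register returns to `state` (None if it never does)."""
    start = list(state)
    reg = list(state)
    for steps in range(1, 2 ** len(start) + 1):
        reg = step(taps, reg)
        if reg == start:
            return steps
    return None


def geffe_bit(a1, a2, a3):
    """Geffe combiner: b = (a1 AND a2) XOR ((NOT a1) AND a3)."""
    return (a1 & a2) ^ ((1 ^ a1) & a3)


def geffe_agreement():
    """Fraction of the 8 input combinations where b equals a2, resp. a3.

    Assumes independent, uniformly distributed LFSR outputs.
    """
    rows = list(product((0, 1), repeat=3))
    eq_a2 = sum(geffe_bit(a1, a2, a3) == a2 for a1, a2, a3 in rows)
    eq_a3 = sum(geffe_bit(a1, a2, a3) == a3 for a1, a2, a3 in rows)
    return eq_a2 / len(rows), eq_a3 / len(rows)


# Taps (0, 1): z_{i+4} = z_i + z_{i+1}, polynomial x^4 + x + 1 (primitive).
PRIMITIVE_TAPS = (0, 1)
# Taps (0, 1, 2, 3): polynomial x^4 + x^3 + x^2 + x + 1, irreducible but
# not primitive (it divides x^5 + 1), so the period collapses to 5.
NON_PRIMITIVE_TAPS = (0, 1, 2, 3)
KEY = (1, 0, 0, 0)

if __name__ == "__main__":
    print("keystream:", lfsr_keystream(PRIMITIVE_TAPS, KEY, 15))
    print("period, primitive polynomial:    ", period(PRIMITIVE_TAPS, KEY))
    print("period, non-primitive polynomial:", period(NON_PRIMITIVE_TAPS, KEY))
    print("Geffe agreement with a2, a3:     ", geffe_agreement())
```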

Block Ciphers

Block ciphers simultaneously encrypt groups of characters of a plaintext message using a fixed encryption transformation.

Memoryless, i.e. the same function (and the same key) is used to encrypt successive blocks.

Practical methods:
- Data Encryption Standard (DES)
- International Data Encryption Algorithm (IDEA)
- Advanced Encryption Standard (AES)

Definition of Block Ciphers

A Block Cipher is a function which maps $n$-bit plaintext blocks to $n$-bit cipher text blocks; $n$ is called the blocklength.

An $n$-bit Block Cipher is a tuple $(P, C, K, E, D)$, where the following conditions are satisfied:
- $P = Z_2^n$ is a finite set of possible plaintext blocks over $Z_2$ of length $n$
- $C = Z_2^n$ is a finite set of possible cipher text blocks over $Z_2$ of length $n$
- $K$, the keyspace, is a finite set of possible keys
- For each $k \in K$, there is an encryption rule $e_k \in E$ and a corresponding decryption rule $d_k \in D$: $e_k : P \times K \to C$ is a bijective mapping (the encryption function for $k$), $d_k : C \times K \to P$ is the inverse mapping (the decryption function), with $d_k(e_k(x)) = x$ for every plaintext $x \in P$

Design Characteristics for Block Ciphers

Choice of blocklength $n$:
- $n$ too long: complex algorithm, performance loss
- $n$ too short: weak encryption, easy to attack
- Modern variants use $n$ = 40 to 256 bit; 64 bit is seen as the right compromise

Definition of encryption function $e_k$:
- Assume $n = 64$: a mapping of $2^{64}$ 64-bit values would take about $2^{70}$ bit
- For encryption and decryption it is not possible to use a table, so algorithms are used for replacing blocks
- Achieving different results by using a secret key $k$ in the algorithm: symmetric cryptography, secret key cryptography
- Good algorithms can be published; data are protected by hiding the key

Choice of the key length of $k$:
- Practical key length: 40 to 256 bit
- $k$ too short: systematic testing of all valid keys (Brute Force attack)
- Against Brute Force attacks, a minimum of 70 bit are necessary

Definition of Encryption Function $e_k$

Encryption function:
- Use a combination of substitution and permutation, called a round
- The number of rounds determines the quality of the encryption

Substitution:
- Divide an $n$-bit block into smaller chunks with $m$ bit (typically $m$ = 4 6)
- Replace an $m$-bit block with another one by using a table

Permutation:
- Exchange bits by using an invertible function (Permutation Cipher)

Result of one round:
- Should look like a succession of random numbers
- Each input bit should have the same influence on an output bit
- Achieved by alternating application of substitution and permutation
- Suitable choice $n = m^2$, i.e. each bit of one $m$-bit chunk of the input block can be passed to a different $m$-bit chunk of the output block

Remark: encryption and decryption have the same expense.

One Round in an Encryption Function

[Figure: one round: 64 bit input block, split into eight 8 bit pieces, substitutions S_1 to S_8 controlled by key k, eight 8 bit pieces joined into a 64 bit intermediate block, permutation, 64 bit output block]

- Input block with 64 bit
- Divide the input block into 8-bit pieces (n = )
- 8-bit substitution functions $s_i$ derived from the key $k$
- Join the 8-bit blocks into an intermediate block
- Permutation of the 64 bits, possibly based on the key (best diffusion of single bits by mapping the bits of an 8-bit piece into different output pieces)