Symmetric Key Crypto Alfred C Weaver Tom Horton
- Slides: 36
Symmetric Key Crypto Alfred C. Weaver Tom Horton CS 453 Electronic Commerce 1
l Readings: l l l Chapter 13 of Treese and Stewart textbook Web resources Weaver’s References l l l Bruce Schneier, “Applied Cryptography, ” John Wiley & Sons Andrew Tanenbaum, “Computer Networks, ” Prentice-Hall Jim Kurose and Keith Ross, “Computer Networking, ” Addison-Wesley 2
Symmetric Key Encryption Plaintext Encryption Key Ciphertext Decryption Original Plaintext Decryption Key 3
Evaluating SKC l How do you break this strategy? What’s the risk? l Odd question for the moment: Is this the strategy we want for encrypting passwords for authentication? 4
Answers l Question 1: How do you break this strategy? What’s the risk? l l Answer: Attack the key! Can you guess it? Find it? Question 2: Is this the strategy we want for encrypting passwords for authentication? l l Answer: No. Use a one-way hash to convert plain-text to cipher-text. Store cipher-text on system. At authentication, hash what the user types and compare two cipher-texts for match. How to attack? Same as above. 5
Topics l What are some major (historical) SKC algorithms? l l DES, Triple-DES, IDEA, RC 4, AES How do they work? (Hmm. ) Where do they stand? How do they fit into larger systems? 6
Data Encryption Standard l l l Government requested white papers on proposed cryptographic standard in early 1970 s IBM responded with a clever design NSA approved (and changed) the design NBS (now NIST) certified the design in 1976 as Data Encryption Standard (DES) Recertified in 1987 and 1993 World’s most commonly used algorithm 7
DES l l Iterated block cipher with 56 -bit key (although 64 are specified, 8 are parity) Iterated l l l Block cipher l l multiple repetitions of basic algorithm DES uses 16 rounds encrypts fixed-size data groups DES uses 8 -byte (64 -bit) blocks data divided into 64 -bit chunks Key space l 256 keys ~= 72 x 1015 possible keys 8
DES l Uses a combination of confusion and diffusion l l every bit of the key (56 bits) and every bit of the plaintext (64 bits) affects every bit of the ciphertext (64 bits) key is shifted and massaged each round to produce a subkey plaintext is permuted, shifted, selected, and massaged against a permuted, shifted, and selected subkey 16 times each 64 -bit plaintext produces a 64 -bit ciphertext 9
DES Plaintext Permutation L 0 + R 0 K 1 f one round R 1 = L 0 f (R 0, K 1) L 1 = R 0 …. . R 16 = L 15 f (R 15, K 16) L 16 = R 15 Permutation Ciphertext 10
DES l l l 1. Plaintext enters as 64 -bit block 2. Bits are permuted and divided into lefthand side (L 0) and right-hand side (R 0) 3. Repeat 16 rounds of encryption: l l (a) Key from previous round is divided into two 28 bit halves (b) Each half of key is shifted and subjected to a compression permutation that selects 48 of the 56 bits for propagation into the next round 11
DES l l l (c) Right-hand side Ri from previous round subjected to expansion permutation that increases 32 bits into 48 bits by selective repetition of certain bits (d) Expanded, permuted right-hand side Ri is exclusive-ORed with shifted, compressed key (e) Result goes through substitution box that moves the bits around and expands 32 bits into 48 bits temporarily 12
DES l l l (f) Temporary result goes through a permutation box that moves bits around and reduces 48 bits to 32 bits (g) Left-hand side is exclusive-ORed with output of permutation box to produce a new right-hand side (h) New left-hand side is copied from right-hand side of previous round 13
DES l At the end of 16 rounds l l 64 -bit result permuted once more Final 64 -bit ciphertext emitted Note: no security due to secrecy—the algorithm has been published and studied extensively since 1975 All the security is in the key 14
DES Decryption l l l Use the ciphertext as the plaintext Use same initial key Run the algorithm backwards through 16 rounds, using subkeys in reverse order K 16, K 15, …, K 1 DES outputs the plaintext Many companies now offer DES on a chip so it runs at wire speed 15
16
DES Implementation l Java implementation of DES available at http: //intercom. virginia. edu/crypto. html 17
A Brief IBM / NSA History l l l l l IBM needed crypto for ATM Idea began as Lucifer with 128 -bit key IBM needed an export license NSA agreed to vet the algorithm NSA probably changed the S-boxes NSA told IBM to reduce the key size IBM agreed to 64 bits Production reduced it to 56 bits plus parity IBM got its export license 18
Security of DES l l DES started in 1976 It was secure then – but now Jan. 1997: RSA Data Security issued a cryptographic challenge Research project DESCHALL used distributed computing (14, 000 unique computers over 3 months) to crack DES with 56 -bit key l http: //www. interhack. net/projects/deschall/ l At its peak, DESCHALL was testing 7 billion keys/second 19
Security of DES l l l July 1998: DES Challenge II Electronic Frontier Foundation (EFF) built a DES code-cracker for $250 k Cracked DES in 3 days Jan. 1999: DES Challenge III Distributed. Net used EFF DES cracker plus 100, 000 PCs on the Internet to crack DES in 22 hours 15 min. Testing 245 billion keys/sec when key was found 20
Security of DES l l Reported in late 90 s that DES could be cracked “in a few hours” (presumably by NSA) Reasonable to assume that DES can now be cracked very quickly with special hardware and/or a distributed approach 21
Weak Keys l Some 56 -bit keys are known to be weak l l l 0000000 FFFFFFF Repeating bits do not “stir” well when shifted Also some “possibly weak” keys, but these are identified in the literature so don’t use them 22
Triple-DES l l Triple-DES invented to boost security Uses three separate encryption and decryption cycles with two or three unique keys Two unique keys gives 2 x 56=112 bit protection Three unique keys gives 3 x 56=168 bit protection 23
Triple-DES Plaintext DES-1 DES Key-1 Key-2 Key-3 DES-1 DES- Ciphertext 1 24
Triple-DES with Three Unique Keys l Sender: l l Receiver: l l Encrypt with Key-1 Decrypt with Key-2 (decryption has same scrambling power as encryption) Encrypt with Key-3 Decrypt with Key-3 Encrypt with Key-2 Decrypt with Key-1 Power: 56 x 3=168 bit key 25
Triple-DES with Two Unique Keys l Sender: l l Receiver: l l Encrypt with Key-1 Decrypt with Key-2 Encrypt with Key-1 again Decrypt with Key-1 Encrypt with Key-2 Decrypt with Key-1 Power: 56 x 2=112 bit key 26
Triple-DES with One Unique Key l Sender: l l Receiver: l l Encrypt with Key-1 Decrypt with Key-1 Power: 56 bit key (exactly equal to DES) 27
Triple-DES l Why use three unique keys instead of one? l l Why use two keys instead of one? l l l that’s easy! power of 168 -bit key vs. 56 -bit key many, many orders of magnitude harder to crack than DES power of 112 -bit key vs. 56 -bit key many orders of magnitude harder to crack than DES two keys (112 bits) easier to manage than three (doubtful) 112 -bit key is fairly secure today Why use one key instead of two or three? l l l setting key 1=key 2=key 3 makes 3 DES interoperate with DES of course the power is just one 56 -bit key only use would be for backward compatibility 28
Security of DES and Triple. DES l Is DES suitable for commercial transactions? l l l today the answer is no nevertheless it is in daily, wide-spread use Triple-DES very robust, very well suited to commercial activities 29
IDEA l International Data Encryption Algorithm l l proposed 1992 symmetric-key, 128 bits 64 -bit blocks similar in design, but different in detail, from DES 30
IDEA l Design philosophy is “mixing operations from three algebraic groups” l l l XOR Addition modulo 216 Multiplication modulo 216 + 1 (substitutes for DES S-box) About twice as fast as DES Used in PGP Very strong symmetric key encryption algorithm 31
AES l l l NIST held a competition to replace DES Five serious entries, including 3 DES Winner was Rijndael (pronounced “Rhinedoll”) from two co-inventors in Belgium AES is a 128 -, 192 -, or 256 -bit block cipher Uses 128, 192, or 256 bit symmetric keys AES uses an affine transformation with a non -linear substitution box 32
AES l l l 3. 4 x 1038 128 -bit keys 6. 2 x 1057 192 -bit keys 1. 1 x 1077 256 -bit keys Compare those to DES’s 56 -bit key with 7. 2 x 1016 keys Assume you could crack DES (i. e. , full search of a 56 -bit key space) in one second Then cracking AES with a 128 -bit key would take 149 trillion years l The universe is ~14 billion years old 33
AES l l AES is the way of the future Threats: l l backdoor? (probably not) massive distributed computation quantum computing something we've not thought of 34
Others l RC 4 l l l Developed by Ron Rivest Will pop up in discussions of RSA, SSL Blowfish l l l Developed by Bruce Schneier Free, fast Variable length key 35
Summary and What’s Next l A set of historical algorithms l l Culminating in AES DES illustrates some of the controversies and social issues inherent in cryptography l l Weakness l l PGP too Keys must be shared An alternative l Public Key Encryption, possibly combined with SKC 36
Skew symmetric matrix
Crypto private key storage
Tom tom go 910
Symbols in the devil and tom walker
"asymmetric key"
Encipherment using modern symmetric-key ciphers
Introduction to modern symmetric key ciphers
Traditional ciphers
Symmetric key distribution
Key distribution and management
Security aspects
Message authentication code
Symmetric key
Confidentiality
Symmetric key
Crypto des
Crypto des
Cryptography
Crypto des
Window.crypto.subtle.generatekey
Propchain
Propchain crypto
My crypto world
Ctf
Message authentication code
Asn supply chain
Lapona
Santa crypto
Mmaps crypto
Short. term. crypto. predictions.
Ryan patrick crypto
Pink slip crypto
Xec crypto projet
5x of nn crypto
Lmrst crypto
Secretkey
Credit default swap crypto
