SymmetricKey Encryption CSE 5351 Introduction to Cryptography Reading

  • Slides: 103
Download presentation
Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: • Chapter 2 • Chapter

Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: • Chapter 2 • Chapter 3 (sections 3. 1 -3. 4) • You may skip proofs, but are encouraged to read some of them. 1

This course: APPLICATIONS (security) Encryption Schemes Pseudorandom Generators And Functions Crypto Protocols Sign/MAC/hash Schemes

This course: APPLICATIONS (security) Encryption Schemes Pseudorandom Generators And Functions Crypto Protocols Sign/MAC/hash Schemes Zero-Knowledge Proof Systems Computational Difficulty (One-Way Functions) 2

3

3

4

4

5

5

6

6

7

7

8

8

9

9

10

10

11

11

12

12

13

13

14

14

Vigenère Cipher 15

Vigenère Cipher 15

16

16

17

17

18

18

19

19

20

20

21

21

22

22

23

23

24

24

25

25

26

26

27

27

28

28

29

29

30

30

31

31

32

32

Stream Ciphers Encryption schemes using pseudorandom generators 33

Stream Ciphers Encryption schemes using pseudorandom generators 33

34

34

35

35

36

36

37

37

38

38

39

39

40

40

41

41

42

42

43

43

44

44

45

45

46

46

47

47

Distinguisher D 48

Distinguisher D 48

49

49

50

50

51

51

52

52

53

53

54

54

55

55

Security of RC 4 • RC 4 is not a truly pseudorandom generator. •

Security of RC 4 • RC 4 is not a truly pseudorandom generator. • The keystream generated by RC 4 is biased. – The second byte is biased toward zero with high probability. – The first few bytes are strongly non-random and leak information about the input key. • Defense: discard the initial n bytes of the keystream. – Called “RC 4 -drop[n-bytes]”. – Recommended values for n = 256, 768, or 3072 bytes. • Efforts are underway (e. g. the e. STREAM project) to develop more secure stream ciphers. 56

The Use of RC 4 in WEP • WEP is an RC 4 -based

The Use of RC 4 in WEP • WEP is an RC 4 -based protocol for encrypting data transmitted over an IEEE 802. 11 wireless LAN. • WEP requires each packet to be encrypted with a separate RC 4 key. • The RC 4 key for each packet is a concatenation of a 40 or 104 -bit long-term key and a random 24 -bit R. RC 4 key: 802. 11 Frame: Long-term key (40 orl 104 bits) Header R l. Message R (24) CRC encrypted 57

WEP is not secure • Mainly because of its way of constructing the key

WEP is not secure • Mainly because of its way of constructing the key • Can be cracked in a minute • http: //eprint. iacr. org/2007/120. pdf 58

59

59

Theory of Block Ciphers Encryption schemes using pseudorandom functions or permutations Reading: Sections 3.

Theory of Block Ciphers Encryption schemes using pseudorandom functions or permutations Reading: Sections 3. 5 -3. 7 of Katz & Lindell 60

61

61

62

62

63

63

64

64

65

65

k 66

k 66

67

67

68

68

69

69

70

70

71

71

72

72

73

73

74

74

75

75

76

76

77

77

78

78

Some properties • In CTR and OFB modes, transmission errors to a block ci

Some properties • In CTR and OFB modes, transmission errors to a block ci affect only the decryption of that block; other blocks are not affected. – useful for communications over an unreliable channel. • In CBC and CFB modes, changes to a block mi will affect ci and all subsequent ciphertext blocks. – These modes may be used to produce message authentication codes (MAC). • In CTR mode, blocks can be encrypted (or decrypted) in parallel or in a “random access” fashion. 79

80

80

81

81

82

82

83

83

84

84

85

85

86

86

87

87

88

88

Practical Block Ciphers: DES and AES DES: Data Encryption Standard (covered in 651) AES:

Practical Block Ciphers: DES and AES DES: Data Encryption Standard (covered in 651) AES: Advanced Encryption Standard Reading: Chapter 5 of Katz/Lindell 89

90

90

91

91

92

92

AES: Advanced Encryption Standard Finite field: The mathematics used in AES.

AES: Advanced Encryption Standard Finite field: The mathematics used in AES.

AES: Advanced Encryption Standard • In 1997, NIST began the process of choosing a

AES: Advanced Encryption Standard • In 1997, NIST began the process of choosing a replacement for DES and called it the Advanced Encryption Standard. • Requirements: block length of 128 bits, key lengths of 128, 192, and 256 bits. • In 2000, Rijndael cipher (by Rijmen and Daemen) was selected. • An iterated cipher, with 10, 12, or 14 rounds. • Rijndael allows various block lengths. • AES allows only one block size: 128 bits. 94

95

95

96

96

97

97

98

98

99

99

100

100

101

101

102

102

A Rijndael Animation by Enrique Zabala 103

A Rijndael Animation by Enrique Zabala 103