Symmetric Encryption – an Introduction
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Block Ciphers
Block Ciphers Chester Rebeiro IIT Madras CR STINSON : chapters 3 Block Cipher KE KD untrusted communication link Alice E D Bob #%AR3Xf34^$ “Attack at Dawn!!” message encryption (ciphertext) decryption “Attack at Dawn!!” Encryption key is the same as the decryption key (KE = K D) CR 2 Block Cipher : Encryption Key Length Secret Key Plaintext Ciphertext Block Cipher (Encryption) Block Length • A block cipher encryption algorithm encrypts n bits of plaintext at a time • May need to pad the plaintext if necessary • y = ek(x) CR 3 Block Cipher : Decryption Key Length Secret Key Ciphertext Plaintext Block Cipher (Decryption) Block Length • A block cipher decryption algorithm recovers the plaintext from the ciphertext. • x = dk(y) CR 4 Inside the Block Cipher PlaintextBlock (an iterative cipher) Key Whitening Round 1 key1 Round 2 key2 Round 3 key3 Round n keyn Ciphertext Block • Each round has the same endomorphic cryptosystem, which takes a key and produces an intermediate ouput • Size of the key is huge… much larger than the block size. CR 5 Inside the Block Cipher (the key schedule) PlaintextBlock Secret Key Key Whitening Round 1 Round Key 1 Round 2 Round Key 2 Round 3 Round Key 3 Key Expansion Expansion Key Key Round n Round Key n Ciphertext Block • A single secret key of fixed size used to generate ‘round keys’ for each round CR 6 Inside the Round Function Round Input • Add Round key : Add Round Key Mixing operation between the round input and the round key. typically, an ex-or operation Confusion Layer • Confusion layer : Makes the relationship between round Diffusion Layer input and output complex. -
Mcoe: a Family of Almost Foolproof On-Line Authenticated Encryption Schemes
McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes Ewan Fleischmann Christian Forler Stefan Lucks Bauhaus-Universit¨atWeimar FSE 2012 Fleischmann, Forler, Lucks. FSE 2012. McOE: A Family . {1{ Overview Fleischmann, Forler, Lucks. FSE 2012. McOE: A Family . {2{ 1. Motivation I Goldwasser and Micali (1984): requirement: given 2 ciphertexts, adversary cannot even detect when the same plaintext has been encrypted twice consequence: encryption stateful or probabilitistic (or both) I Rogaway (FSE 2004): formalizes state/randomness by nonces Plaintext Header Key Nonce 01 02 03 ... Ciphertext Authentication Tag Fleischmann, Forler, Lucks. FSE 2012. McOE: A Family . {3{ Authenticated Encryption I first studied by Katz and Young (FSE 2000) and Bellare and Namprempre (Asiacrypt 2000) I since then many proposed schemes, I nonce based, Plaintext Header Key Nonce I and proven secure assuming a \nonce-respecting01 02 03 ... adversary" I any implementation allowing a nonce reuse is not our problem . but maybe it shouldCiphertext Authentication Tag Fleischmann, Forler, Lucks. FSE 2012. McOE: A Family . {4{ Nonce Reuse in Practice I IEEE 802.11 [Borisov, Goldberg, Wagner 2001] I PS3 [Hotz 2010] I WinZip Encryption [Kohno 2004] I RC4 in MS Word and Excel [Wu 2005] I ... application programmer other issues: mistakes: I restoring a file from a backup I cloning the virtual machine the application runs on I ... Fleischmann, Forler, Lucks. FSE 2012. McOE: A Family . {5{ Nonce Reuse { what to Expect? our reasonable (?) expectations I some plaintext information leaks: I identical plaintexts I common prefixes I ect. I but not too much damage: 1. authentication not affected 2. -
Elastic Block Ciphers: the Basic Design
Elastic Block Ciphers: The Basic Design ∗ † Debra Cook Angelos Keromytis Moti Yung Bell Labs Columbia University RSA Labs, EMC Corp, and Murray Hill, NJ, USA Dept. of Computer Science Columbia University [email protected] New York, NY, USA Dept. of Computer Science [email protected] [email protected] ABSTRACT We introduce the concept of an elastic block cipher, which We introduce the concept of an elastic block cipher, which allows us to ”stretch” the supported block size of a block refers to stretching the supported block size of a block ci- cipher up to a length double the original block size, while pher to any length up to twice the original block size while increasing the computational workload proportionally to the incurring a computational workload that is proportional to block size. This, together with modes of operation, permits the block size. We define a method for converting any ex- block sizes to be set based on an application’s requirements, isting block cipher into an elastic block cipher and mention allowing, for example, a non-traditional block size to be used our analysis of the construction. for all blocks, or a traditional block size to be used for all but the last block in a given mode of operation. We pro- Categories and Subject Descriptors pose a general method for creating an elastic block cipher E.0 [General]: Data Encryption from an existing block cipher. Our intent is not to design a new ad-hoc cipher, but to systematically build upon existing General Terms block ciphers. Our method consists of a network structure block ciphers, algorithms, encryption that uses the round function from an existing block cipher, allowing us to treat the round function of the original ci- Keywords pher as a black box and reuse its properties. -
Block Ciphers II
Block Ciphers II Martin Stanek Department of Computer Science Comenius University [email protected] Cryptology 1 (2021/22) Block Ciphers 1 / 26 , Content Confidentiality modes – ECB, CBC, OFB, CFB, CTR Padding Padding oracle attack Ciphertext stealing Authenticated encryption – CCM, GCM Other constructions Format-preserving encryption Encryption of block devices Theoretical security of block ciphers Block Ciphers 2 / 26 , Modes of operation I plaintext usually much longer than the block length I modes of operation can provide: I confidentiality (and not authenticity) ...“traditional” modes I authenticity (and not confidentiality) I confidentiality & authenticity (authenticated encryption) I confidentiality for block-oriented storage devices (e.g. disks) I key wrapping I format-preserving encryption, ... I varying requirements (speed, security properties, ability to parallelize, availability of RNG, etc.) ) different modes Block Ciphers 3 / 26 , Confidentiality modes I the most important confidentiality modes: ECB, CBC, OFB, CFB, CTR I e.g. see NIST SP 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques I None of these modes provide protection against accidental or adversarial modifications of ciphertext! I however, the effect of ciphertext modification on resulting plaintext varies among modes Block Ciphers 4 / 26 , ECB (Electronic Codebook) P1 P2 P1 P2 Ek Ek Dk Dk C1 C2 C1 C2 encrypt: Ci = Ek (Pi) decrypt: Pi = Dk (Ci) I the simplest mode I data leaks: Ci = Cj , Pi = Pj I easy to rearrange the ciphertexts blocks (permute, duplicate, ...) I encryption and decryption trivially parallelizable I easy to perform a seek (random access) I bit changes do not propagate (single block affected) Block Ciphers 5 / 26 , CBC (Cipher Block Chaining) 1 P1 P2 P1 P2 IV IV (C0) (C0) Ek Ek Dk Dk C1 C2 C1 C2 encrypt: Ci = Ek (Pi Ci 1) decrypt: Pi = Dk (Ci) Ci 1 ⊕ − ⊕ − I IV (initialization vector) – secrecy not required, usually appended as C0 I popular mode (e.g. -
Performance Evaluation of Newly Proposed Lightweight Cipher, BRIGHT
Received: January 22, 2019 71 Performance Evaluation of Newly Proposed Lightweight Cipher, BRIGHT Deepti Sehrawat1* Nasib Singh Gill1 1Department of Computer Science & Applications, Maharshi Dayanand University, Rohtak, Haryana, India * Corresponding author’s Email: [email protected] Abstract: Lightweight security algorithms are tailored for resource-constrained environment. To improve the efficiency of an algorithm, usually, a tradeoff is involved in lightweight cryptography in terms of its memory requirements and speed. By adopting several performance enhancement techniques, a security framework for IoT enabled applications is presented in this paper. Proposed BRIGHT family of ciphers is comparably better than existing lightweight ciphers and support a range of block and key sizes for constraint environment. It enables users to match their security needs with application requirements by supporting a range of cryptographic solutions. The BRIGHT family of ciphers is a software-oriented design. The performance of BRIGHT family of lightweight ciphers is evaluated on different parameters. All versions of BRIGHT family ciphers fulfill Strict Avalanche Criteria, key sensitivity test, and randomness test. BRIGHT family ciphers show better performance in terms of memory requirements, cost and speed as compared to existing lightweight ciphers. Keywords: Performance evaluation, BRIGHT, Cryptographic solutions, Lightweight block cipher, ARX, GFN, Feistel block ciphers. devices information security is evidently necessary 1. Introduction [3]. To provide high security and privacy, cryptographic solutions must be used. However, due In IoT field, various resource constraints devices to very low available energy, the limited size of ROM communicate in the network using RFID (Radio and RAM consumption and high-security demand in Frequency Identification Devices) which is a fast- a resource-constrained environment, lightweight growing technology that allows automated cryptographic security solutions are required [4]. -
Network Security H B ACHARYA
Network Security H B ACHARYA NETWORK SECURITY Day 2 NETWORK SECURITY Encryption Schemes NETWORK SECURITY Basic Problem ----- ----- ? Given: both parties already know the same secret How is this achieved in practice? Goal: send a message confidentially Any communication system that aims to guarantee confidentiality must solve this problem NETWORK SECURITY slide 4 One-Time Pad (Vernam Cipher) ----- 10111101… ----- = 10111101… 10001111… = 00110010… 00110010… = Key is a random bit sequence as long as the plaintext Decrypt by bitwise XOR of ciphertext and key: ciphertext key = (plaintext key) key = Encrypt by bitwise XOR of plaintext (key key) = plaintext and key: plaintext ciphertext = plaintext key Cipher achieves perfect secrecy if and only if there are as many possible keys as possible plaintexts, and every key is equally likely (Claude Shannon, 1949) NETWORK SECURITY slide 5 Advantages of One-Time Pad Easy to compute ◦ Encryption and decryption are the same operation ◦ Bitwise XOR is very cheap to compute As secure as theoretically possible ◦ Given a ciphertext, all plaintexts are equally likely, regardless of attacker’s computational resources ◦ …if and only if the key sequence is truly random ◦ True randomness is expensive to obtain in large quantities ◦ …if and only if each key is as long as the plaintext ◦ But how do the sender and the receiver communicate the key to each other? Where do they store the key? NETWORK SECURITY slide 6 Problems with One-Time Pad Key must be as long as the plaintext ◦ Impractical in most realistic -
Applied Cryptography and Data Security
Lecture Notes APPLIED CRYPTOGRAPHY AND DATA SECURITY (version 2.5 | January 2005) Prof. Christof Paar Chair for Communication Security Department of Electrical Engineering and Information Sciences Ruhr-Universit¨at Bochum Germany www.crypto.rub.de Table of Contents 1 Introduction to Cryptography and Data Security 2 1.1 Literature Recommendations . 3 1.2 Overview on the Field of Cryptology . 4 1.3 Symmetric Cryptosystems . 5 1.3.1 Basics . 5 1.3.2 A Motivating Example: The Substitution Cipher . 7 1.3.3 How Many Key Bits Are Enough? . 9 1.4 Cryptanalysis . 10 1.4.1 Rules of the Game . 10 1.4.2 Attacks against Crypto Algorithms . 11 1.5 Some Number Theory . 12 1.6 Simple Blockciphers . 17 1.6.1 Shift Cipher . 18 1.6.2 Affine Cipher . 20 1.7 Lessons Learned | Introduction . 21 2 Stream Ciphers 22 2.1 Introduction . 22 2.2 Some Remarks on Random Number Generators . 26 2.3 General Thoughts on Security, One-Time Pad and Practical Stream Ciphers 27 2.4 Synchronous Stream Ciphers . 31 i 2.4.1 Linear Feedback Shift Registers (LFSR) . 31 2.4.2 Clock Controlled Shift Registers . 34 2.5 Known Plaintext Attack Against Single LFSRs . 35 2.6 Lessons Learned | Stream Ciphers . 37 3 Data Encryption Standard (DES) 38 3.1 Confusion and Diffusion . 38 3.2 Introduction to DES . 40 3.2.1 Overview . 41 3.2.2 Permutations . 42 3.2.3 Core Iteration / f-Function . 43 3.2.4 Key Schedule . 45 3.3 Decryption . 47 3.4 Implementation . 50 3.4.1 Hardware . -
Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1
International Journal of Grid and Distributed Computing Vol. 10, No. 11 (2017), pp.79-98 http://dx.doi.org/10.14257/ijgdc.2017.10.11.08 Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1 Rahul Saha1, G. Geetha2, Gulshan Kumar3 and Hye-Jim Kim4 1,3School of Computer Science and Engineering, Lovely Professional University, Punjab, India 2Division of Research and Development, Lovely Professional University, Punjab, India 4Business Administration Research Institute, Sungshin W. University, 2 Bomun-ro 34da gil, Seongbuk-gu, Seoul, Republic of Korea Abstract Cryptography has always been a core component of security domain. Different security services such as confidentiality, integrity, availability, authentication, non-repudiation and access control, are provided by a number of cryptographic algorithms including block ciphers, stream ciphers and hash functions. Though the algorithms are public and cryptographic strength depends on the usage of the keys, the ciphertext analysis using different functions and operations used in the algorithms can lead to the path of revealing a key completely or partially. It is hard to find any survey till date which identifies different operations and functions used in cryptography. In this paper, we have categorized our survey of cryptographic functions and operations in the algorithms in three categories: block ciphers, stream ciphers and cryptanalysis attacks which are executable in different parts of the algorithms. This survey will help the budding researchers in the society of crypto for identifying different operations and functions in cryptographic algorithms. Keywords: cryptography; block; stream; cipher; plaintext; ciphertext; functions; research problems 1. Introduction Cryptography [1] in the previous time was analogous to encryption where the main task was to convert the readable message to an unreadable format. -
Journal Paper Format
International Journal of Advanced Science and Technology Vol. 28, No. 8, (2019), pp. 282-288 Cryptographic protocols for Mobile Cloud Computing Suresh.P1, Venkatagiri J2,Lochan B3, Dr. Pritam Gajkumar Shah4 Abstract Cloud computing will be the buzzword of an Information Technology to access the different resources placed all across the globe with the help of the Internet. With the advancement in mobile technology the number of users accessing the resources placed across the data centres will also get increased, through their mobile devices. With many technologies are evolved to provide security to the user while on transit, still not much security is given while the user is on the transit, which will be the main concern for people who are going to use the cloud resources through mobile devices across the world. Providing the security from the data which is a main concern for the data centers. Keywords: Cloud computing, protocols, Security 1. Introduction Since in todays world every human being is making use of mobile devices for their daily day to day activities. People want to access the resources while on a go. With the invention of the cloud computing the data can be accessed through the computer as well as the mobile device. Mobile cloud computing has been introduced to make use of the cloud resources through mobile servers. Mobile cloud computing is a combination of cloud computing and mobile services working together. With the accessing of the cloud resources on move, severe drawbacks has to be faced related to the performance, security(Reliability and privacy) and environment( Low bandwidth, Service and heterogeneity) along with scalability and availability. -
The Security of Ciphertext Stealing
The Security of Ciphertext Stealing Phillip Rogaway1, Mark Wooding2, and Haibin Zhang1 1 Dept. of Computer Science, University of California, Davis, USA 2 Thales e-Security Ltd, UK Abstract. We prove the security of CBC encryption with ciphertext stealing. Our results cover all versions of ciphertext stealing recently recommended by NIST. The complexity assumption is that the under- lying blockcipher is a good PRP, and the security notion achieved is the strongest one commonly considered for chosen-plaintext attacks, indis- tinguishability from random bits (ind$-security). We go on to generalize these results to show that, when intermediate outputs are slightly de- layed, one achieves ind$-security in the sense of an online encryption scheme, a notion we formalize that focuses on what is delivered across an online API, generalizing prior notions of blockwise-adaptive attacks. Finally, we pair our positive results with the observation that the ver- sion of ciphertext stealing described in Meyer and Matyas’s well-known book (1982) is not secure. Keywords: blockwise-adaptive attacks, CBC, ciphertext stealing, cryp- tographic standards, modes of operation, provable security. 1 Introduction Ciphertext stealing. Many blockcipher modes require the input be a se- quence of complete blocks, each having a number of bits that is the blockcipher’s blocksize. One approach for dealing with inputs not of this form is ciphertext stealing. The classical combination is CBC encryption and ciphertext stealing, a mode going back to at least 1982 [14]. In 2010, NIST put out an addendum [8] to Special Publication 800-38A [7], the document that had defined blockcipher modes ECB, CBC, CFB, OFB, and CTR. -
Data Security
Block ciphers BMEVITMAV52 Information and Network Security [email protected] History of cryptography Modern cryptography • Beginning with 1949 – Claude Shannon: Communication Theory of Secrecy Systems • Solid theoretical basis for cryptography and for cryptanalysis – No more alphabets, but ‘bits’ and ‘bytes’ • 1975 DES – Data Encryption Standard • 1976 Diffie-Hellman key exchange • 1977 RSA 2019/20-1 Information and Network Security 2 Block ciphers • Definition – Function that transfers n-bit plaintext block to n-bit ciphertext block (n is the blocklength) – The function is parameterized by a k-bit key – One-to-one mapping (invertible) • Symmetric key block ciphers – E(P,K)=C, D(C,K)=P • Asymmetric key block ciphers – E(P,K1)=C, D(C,K2)=P 2019/20-1 Information and Network Security 3 Well known symmetric block ciphers • 1976: USA standard cipher: DES (Data Encryption Standard) – 64 bit block length, 56 bit key length – As of today it is insecure and slow • 3DES: 3x DES cipher in a row – 2x not enough, 2 keys are already enough – 64 bit block length, 112 bit key length – Satisfactory security, but slow • 2001: AES, the new cipher standard (Advanced Encryption Standard) – 128 bit block length, 128-192-256 bit key length – State of the art security and speed • Other, less known ciphers – IDEA, Twofish, Blowfish, RC5 2019/20-1 Information and Network Security 4 Requirements to modern ciphers • Avalanche effect – Changing one bit in the input changes half of the output bits • Completeness – Each ciphertext bit is a complex function of -
An Efficient VHDL Description and Hardware Implementation of The
An Efficient VHDL Description and Hardware Implementation of the Triple DES Algorithm A thesis submitted to the Graduate School of the University of Cincinnati In partial fulfillment of the requirements for the degree of Master of Science In the Department of Electrical and Computer Engineering Of the College of Engineering and Applied Sciences June 2014 By Lathika SriDatha Namburi B.Tech, Electronics and Communications Engineering, Jawaharlal Nehru Technological University, Hyderabad, India, 2011 Thesis Advisor and Committee Chair: Dr. Carla Purdy ABSTRACT Data transfer is becoming more and more essential these days with applications ranging from everyday social networking to important banking transactions. The data that is being sent or received shouldn’t be in its original form but must be coded to avoid the risk of eavesdropping. A number of algorithms to encrypt and decrypt the data are available depending on the level of security to be achieved. Many of these algorithms require special hardware which makes them expensive for applications which require a low to medium level of data security. FPGAs are a cost effective way to implement such algorithms. We briefly survey several encryption/decryption algorithms and then focus on one of these, the Triple DES. This algorithm is currently used in the electronic payment industry as well as in applications such as Microsoft OneNote, Microsoft Outlook and Microsoft system center configuration manager to password protect user content and data. We implement the algorithm in a Hardware Description Language, specifically VHDL and deploy it on an Altera DE1 board which uses a NIOS II soft core processor. The algorithm takes input encoded using a software based Huffman encoding to reduce its redundancy and compress the data.