Cryptography 3rd Course

Symmetric cryptographic systems
Without the key K, nothing can be deduced about m from the encrypted message c = E_K(m)
The encrypted message c = E_K(m) and any information about m say nothing about K

Cryptographic protocol
Alice and Bob agree on:
a cryptographic system (E)
a key (K)
Alice encrypts the message m with the key K using the agreed cryptosystem (c = E_K(m))
Bob decrypts the encrypted message c with the same key K using the agreed cryptosystem

Universal operations used in symmetric encryption
Substitution – symbols or groups of symbols are replaced by other symbols or groups of symbols
creates confusion
Transposition (permutation) – permutation (shuffle) of symbols inside a block
creates diffusion
Introduced by Claude Shannon in 1949

Block and stream ciphers in symmetric encryption
Block ciphers:
Algorithms that operate on a message by splitting it into blocks (of bits), each block having a fixed size
Stream ciphers:
Algorithms that operate “bit by bit” (usually on blocks of size 1 bit)

Stream ciphers
a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream) – could be compared to the one-time pad cipher
each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream.
since the encryption of each digit depends on the current state of the cipher, it is also known as a state cipher
a digit is typically a bit, and the combining operation is XOR
the pseudorandom digits in the keystream are typically generated from a random seed value using digital shift registers
the seed value = cryptographic key
typically execute at a higher speed than block ciphers and have lower hardware complexity
can be susceptible to serious security problems if used incorrectly:
the same starting state (seed) must never be used twice
Lorenz SZ42
Synchronous stream ciphers:
a stream of pseudo-random digits is generated independently of the plaintext and ciphertext messages, and then combined with the plaintext (to encrypt) or the ciphertext (to decrypt)
the sender and receiver must be exactly in step for decryption to be successful:
if digits are added or removed from the message during transmission, synchronization is lost
If a digit is corrupted in transmission, only a single digit in the plaintext is affected and the error does not propagate to other parts of the message
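
The seed-reuse rule and the synchronous error behaviour described above, as an added example that is not part of the original slides. The 16-bit shift register, the sample messages and the seed are constructed for illustration, and a bare shift register like this is not a secure keystream generator.

```python
def lfsr_keystream(seed: int, nbytes: int) -> bytes:
    """Toy 16-bit shift-register keystream; the seed is the key."""
    state = seed & 0xFFFF
    if state == 0:
        raise ValueError("an all-zero register never changes state")
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (fb << 15)
            byte = (byte << 1) | (state & 1)
        out.append(byte)
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(seed: int, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream."""
    return xor(data, lfsr_keystream(seed, len(data)))

# Constructed sample messages (equal length) and seed.
M1 = b"MEET AT THE NORTH GATE AT 0600"
M2 = b"HOLD POSITION UNTIL RELIEVED.."
SEED = 0xACE1
C1, C2 = crypt(SEED, M1), crypt(SEED, M2)  # mistake: seed used twice

def seed_reuse_leak() -> bytes:
    """The keystream cancels: C1 xor C2 equals M1 xor M2."""
    return xor(C1, C2)

def bit_flip_damage() -> list:
    """Flip one ciphertext bit; return the plaintext positions hit."""
    bad = C1[:5] + bytes([C1[5] ^ 0x01]) + C1[6:]
    return [i for i, (x, y) in enumerate(zip(crypt(SEED, bad), M1)) if x != y]

def dropped_byte_damage() -> int:
    """Drop ciphertext byte 5; count wrong plaintext bytes after it."""
    got = crypt(SEED, C1[:5] + C1[6:])
    return sum(x != y for x, y in zip(got[5:], M1[6:]))

if __name__ == "__main__":
    print(seed_reuse_leak() == xor(M1, M2), bit_flip_damage(),
          dropped_byte_damage())
```

With the seed reused, anyone who knows or guesses M1 recovers M2 by XOR without ever learning the key. A flipped bit damages one byte, while a dropped byte puts the receiver out of step for the rest of the message.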
Self-synchronizing stream ciphers:
use several of the previous N ciphertext digits to compute the keystream
also known as asynchronous stream ciphers or ciphertext autokey (CTAK)
the receiver will automatically synchronize with the keystream generator after receiving N ciphertext digits:
it is easier to recover if digits are dropped or added to the message stream
Single-digit errors affect only up to N plaintext digits

Feistel Network
Lucifer cryptosystem
Built by Horst Feistel and Don Coppersmith at IBM in 1973
P-box – permutation box – creates diffusion
S-box – substitution box – creates confusion
XOR operations
Minimum of 16 rounds
F – crypto-round function
K0,l-1 – round key

DES Feistel function
E – Expansion function
S1..8 – S-Boxes
P – P-Box

Modes of operation of block ciphers
A block is a fixed-length group of bits
A block cipher by itself allows encryption only of a single data block of the cipher's block length.
For a variable-length message, the data must first be partitioned into separate cipher blocks.
Messages come in a variety of lengths, so some modes require that the final block be padded before encryption (ECB and CBC).

Electronic Codebook (ECB) mode

Cipher Block Chaining (CBC)
An initialization vector (IV) or starting variable (SV) is a block of bits that is used by several modes to:
randomize the encryption
produce distinct ciphertexts even if the same plaintext is encrypted multiple times, without the need for a slower re-keying process
An initialization vector has different security requirements than a key:
the IV usually does not need to be secret
in most cases, it is important that an initialization vector is never reused under the same key

Propagating Cipher Block Chaining (PCBC)

Cipher Feedback (CFB)
makes a block cipher into a self-synchronizing stream cipher:
if part of the ciphertext is lost, the receiver will lose only part of the original message (garbled content), and should be able to continue to correctly decrypt the rest of the blocks after processing some amount of input data

Output Feedback (OFB)
Makes a block cipher into a synchronous stream cipher
Because of the symmetry of the XOR operation, encryption and decryption are the same

Counter (CTR)
Nonce = salt
turns a block cipher into a stream cipher
generates the next keystream block by encrypting successive values of a “counter” (usually 0, 1, 2, …, but can be any function that guarantees values that don’t repeat)
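
CFB's recovery after a lost ciphertext byte and CTR's per-block counter keystream, shown together as an added example that is not part of the original slides. E is a stand-in for the block cipher built from HMAC-SHA256 (an assumption, chosen because both modes only call the encrypt direction); KEY, NONCE, IV and MSG are constructed values, and all function names are hypothetical.

```python
import hashlib
import hmac

BLOCK = 16                                    # block size in bytes
KEY, NONCE, IV = b"K" * 16, b"N" * 8, bytes(BLOCK)   # constructed values
MSG = bytes(range(64))                        # constructed 4-block message

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher E_K (assumption: truncated
    HMAC-SHA256). CFB and CTR only ever call the encrypt direction."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def ctr_crypt(key, nonce, data, first_block=0):
    """CTR: keystream block i is E_K(nonce || i); the same call decrypts."""
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        counter = (first_block + off // BLOCK).to_bytes(8, "big")
        ks = E(key, nonce + counter)
        out += bytes(a ^ b for a, b in zip(data[off:off + BLOCK], ks))
    return bytes(out)

def cfb8(key, iv, data, decrypt=False):
    """CFB with 8-bit feedback: the register holds the last BLOCK
    ciphertext bytes, so a receiver refills it from what it receives."""
    reg, out = bytes(iv), bytearray()
    for b in data:
        o = b ^ E(key, reg)[0]
        out.append(o)
        reg = reg[1:] + bytes([b if decrypt else o])   # shift in ciphertext
    return bytes(out)

def ctr_read_block(i: int, counter: int) -> bytes:
    """Decrypt ciphertext block i alone, using the given counter value."""
    ct = ctr_crypt(KEY, NONCE, MSG)
    return ctr_crypt(KEY, NONCE, ct[i * BLOCK:(i + 1) * BLOCK], counter)

def cfb_after_loss(drop: int) -> bytes:
    """Decrypt a CFB ciphertext from which byte `drop` was lost."""
    ct = cfb8(KEY, IV, MSG)
    return cfb8(KEY, IV, ct[:drop] + ct[drop + 1:], decrypt=True)

if __name__ == "__main__":
    print(ctr_read_block(2, 2) == MSG[32:48])   # right offset: block 2
    print(ctr_read_block(2, 3) == MSG[32:48])   # wrong offset: garbage
    got = cfb_after_loss(10)
    print(got[:10] == MSG[:10], got[26:] == MSG[27:])   # resyncs after 16
```

In the CFB case the receiver decrypts 16 bytes wrongly (one full register) and is back in step from there on; in the CTR case a block decrypts on its own only when its counter value is known exactly.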
allows random access during decryption
if the offset/location information is corrupt, it will be impossible to partially recover the data

Cryptographic hash functions
a mathematical algorithm that maps data of arbitrary size (called the "message") to a bit string of a fixed size (the hash value, hash or message digest)
is a one-way function
is practically not feasible to invert

Merkle–Damgård construction
IV = initial vector
f = compression function (works on blocks of fixed size)
Merkle and Damgård proposed that messages be padded with a padding that encodes the length of the original message. This is called length padding or Merkle–Damgård strengthening
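
The construction with and without length padding, as an added example that is not part of the original slides. The compression function f is a stand-in built from truncated SHA-256, the 8-byte block size and all-zero IV are toy values, and the 0x80 marker byte before the length field is one common convention assumed here.

```python
import hashlib

BLOCK = 8        # bytes per message block (toy size)
IV = bytes(8)    # fixed initial vector (constructed value)

def f(state: bytes, block: bytes) -> bytes:
    """Compression function stand-in (assumption: SHA-256 of
    state || block, truncated to 8 bytes); takes fixed-size inputs."""
    assert len(state) == 8 and len(block) == BLOCK
    return hashlib.sha256(state + block).digest()[:8]

def pad_zero(msg: bytes) -> bytes:
    """Naive padding: fill the last block with zero bytes."""
    return msg + bytes(-len(msg) % BLOCK)

def pad_md(msg: bytes) -> bytes:
    """Length padding: 0x80, zero fill, then the 64-bit message bit length."""
    fill = bytes((-len(msg) - 9) % BLOCK)
    return msg + b"\x80" + fill + (8 * len(msg)).to_bytes(8, "big")

def md_hash(msg: bytes, pad=pad_md) -> bytes:
    """Chain f over the padded message, starting from IV."""
    state, data = IV, pad(msg)
    for i in range(0, len(data), BLOCK):
        state = f(state, data[i:i + BLOCK])
    return state

# Constructed messages that differ only by a trailing zero byte.
A, B = b"pay 100", b"pay 100\x00"

if __name__ == "__main__":
    print(md_hash(A, pad_zero) == md_hash(B, pad_zero))  # same digest
    print(md_hash(A) == md_hash(B))                      # different digests
```

With zero padding the two messages become the same block sequence and hash identically; encoding the length in the final block keeps their padded forms distinct.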