ECE596C: Handout #7

Analysis of DES and the AES Standard

ECE 596C: Cryptography for Secure Communications with Applications to Network Security
Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Abstract. In this lecture we analyze the security properties of DES and present the AES cryptosystem.

1 On the Security of DES

1.1 The Avalanche Effect

For any encryption/decryption algorithm, a desirable property is that a small change in either the plaintext or the key should result in a significant change in the produced ciphertext (WHY?). DES indeed exhibits a strong avalanche effect. The avalanche effect can be illustrated by the following two experiments.

Experiment 1
– Pick two plaintexts that differ at only one bit.
– Encrypt both plaintexts with the same key.
– XOR the two ciphertexts and count the number of ones.

Example: x1 = 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000, x2 = 10000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000, and K = 00000001 1001011 0100100 11000100 0011100 0011000 0011100 0110010, yields two ciphertexts that differ at 35 bits after the third round of DES, and a final difference of 34 bits after all 16 rounds have been executed.

Experiment 2
– Pick two keys that differ at only one bit.
– Encrypt the same plaintext using the two different keys.
– XOR the two ciphertexts and count the number of ones.

Example: x = 01101000 10000101 00101111 01111010 000010011 01110110 11101011 10100100, and K1 = 1110010 1111011 1101111 0011000 0011101 0000100 0110001 1101100, K2 = 0110010 1111011 1101111 0011000 0011101 0000100 0110001 1101100, yields two ciphertexts that differ at 26 bits after the third round of DES, and a final difference of 35 bits after all 16 rounds have been executed.

1.2 The Strength of 56-Bit Keys

With a key length of 56 bits, there are 2^56 possible keys, i.e. approximately 7.2 × 10^16 keys.
With today's technology, breaking a DES encryption by brute force has been proved feasible. In 1998 the Electronic Frontier Foundation (EFF) built a DES cracker costing a quarter of a million dollars that broke DES in 56 hours; it searched 88 billion keys per second. In 1999, DES was cracked in 22 hours and 15 minutes using the idle cycles of 100,000 networked computers worldwide, a network capable of searching 245 billion keys per second. In 2007, researchers from Germany developed an FPGA-based machine called COPACOBANA, built from off-the-shelf components, that can break a DES encryption in 6.4 days (on average).

Given the short key length, the DES scheme cannot be considered secure. Note, however, that the adversary must have an estimate of the plaintext to perform a brute-force attack: without knowledge of the plaintext or a plaintext estimate, it is not possible to tell when the right DES key has been found.

2 The AES Standard

The Advanced Encryption Standard (AES) was adopted by NIST in December of 2001. It was designed by two Belgian scientists, Rijmen and Daemen (it is also known as the Rijndael cipher). It has been adopted by the US government as the default encryption cipher wherever encryption is required (details can be found at http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf).

2.1 Description of the Cipher

AES is a block cipher with a block length of 128 bits (as opposed to 64 bits in DES). It can operate with three different key lengths: 128 bits, 192 bits and 256 bits. Like DES, it is an iterative cipher, with a number of rounds that depends on the key length: 10 rounds for a key length of 128 bits, 12 rounds for a key length of 192 bits and 14 rounds for a key length of 256 bits. In AES, all operations are performed on a byte basis. Each 128-bit block is split into 16 bytes, which are organized into a 4x4 array referred to as the state.
The following operations take place:
– Key Expansion using Rijndael's key schedule
– Initial Round
  1. AddRoundKey
– Nr − 1 Rounds
  1. SubBytes: a non-linear substitution step where each byte is replaced with another according to a lookup table.
  2. ShiftRows: a transposition step where each row of the state is left-shifted cyclically by a number of steps equal to the row number.
  3. MixColumns: a mixing operation which operates on the columns of the state, combining the four bytes in each column.
  4. AddRoundKey: each byte of the state is XORed with the round key.
– Final Round
  1. SubBytes
  2. ShiftRows
  3. AddRoundKey

2.2 The SubBytes Transformation

This is a typical S-box lookup table operation. For example, if s_{1,1} = {53}, then the substitution value is found at the intersection of the row with index 5 and the column with index 3 in Fig. 7. This results in s'_{1,1} = {ed}.

Fig. 1. The SubBytes transformation.
Fig. 2. The SubBytes lookup table.

2.3 The ShiftRows Transformation

In the ShiftRows transformation, the bytes in each row of the state are cyclically shifted over a number of bytes equal to the row number.

Fig. 3. The ShiftRows transformation.

2.4 The MixColumns Transformation

The MixColumns transformation operates on the state column by column, treating each column as a four-term polynomial over GF(2^8) and multiplying it modulo x^4 + 1 with a fixed polynomial a(x).

Fig. 4. The MixColumns transformation.

2.5 Key Expansion

The AES algorithm takes the cipher key K and expands it to generate a key schedule. The total number of round keys generated is Nr + 1, each of which is 16 bytes long. The key scheduling is word oriented, with each word consisting of 4 bytes. For a 10-round AES, a total of 11 × 4 = 44 words must be generated from an initial key of 4 words.
Figure: Key Expansion transformations.

Algorithm 1 Key Expansion Algorithm
  INPUT K
  RCon[1] ← 01000000
  RCon[2] ← 02000000
  RCon[3] ← 04000000
  RCon[4] ← 08000000
  RCon[5] ← 10000000
  RCon[6] ← 20000000
  RCon[7] ← 40000000
  RCon[8] ← 80000000
  RCon[9] ← 1B000000
  RCon[10] ← 36000000
  for i ← 0 to 3 do
    w[i] ← (key[4i], key[4i + 1], key[4i + 2], key[4i + 3])
  end for
  for i ← 4 to 43 do
    temp ← w[i − 1]
    if i ≡ 0 (mod 4) then
      temp ← SubWord(RotWord(temp)) ⊕ RCon[i/4]
    end if
    w[i] ← w[i − 4] ⊕ temp
  end for
  return (w[0], ..., w[43])

– SubWord: transformation that takes a four-byte input word and applies the S-box to each of the four bytes to produce an output word.
– RotWord: transformation that takes a word [a0, a1, a2, a3] as input, performs a cyclic permutation, and returns the word [a1, a2, a3, a0].
– RCon[i]: a constant array of ten words.

2.6 Example

Key: K = 66 50 3c 41 67 22 63 46 25 77 5d 27 26 55 3c 7a

w[0] = 66 50 3c 41, w[1] = 67 22 63 46, w[2] = 25 77 5d 27, w[3] = 26 55 3c 7a

For i = 4, temp = w[3] = 26 55 3c 7a. Because i ≡ 0 (mod 4),
  temp ← SubWord(RotWord(temp)) ⊕ RCon[1]
  temp ← 55 3c 7a 26 ⊕ 01 00 00 00 = 54 3c 7a 26
  w[4] ← w[0] ⊕ temp = 66 50 3c 41 ⊕ 54 3c 7a 26 = 32 6c 46 67

For i = 5, temp = w[4] = 32 6c 46 67.
  w[5] ← w[1] ⊕ w[4] = 67 22 63 46 ⊕ 32 6c 46 67 = 55 4e 25 21

Fig. 5. The diagram for the CBC mode of operation. (a) Encryption, (b) Decryption.

3 Modes of Operation

DES has four modes of operation that were standardized in 1980. These modes can be used, with minor modifications, with any block cipher. A brief description of the four modes of operation follows.

3.1 Electronic Codebook Mode (ECB)

Each plaintext block is encrypted with the same key K, producing a sequence of ciphertext blocks.
Identical plaintext blocks yield identical ciphertext blocks. What is the vulnerability of the ECB mode of operation? Do you see any advantage in using the ECB mode of operation?

3.2 Cipher Block Chaining Mode (CBC)

In CBC mode, each plaintext block x_i is XORed with the previous ciphertext block before being encrypted with the same key K. The first plaintext block is XORed with an initialization vector IV of the same length as a block. The encryption rule under the CBC mode becomes

  y_i = e_K(y_{i−1} ⊕ x_i), y_0 = IV. (1)

In CBC mode, if any block of the plaintext is changed, the entire ciphertext sequence will be changed. Think of how we can use this property to provide message authentication. In Fig. 5 we show the encryption/decryption schematics of the CBC mode. CBC is the most common mode of operation. What are the advantages and disadvantages of the CBC mode of operation?

3.3 Output Feedback Mode (OFB)

In OFB mode, a keystream is generated and XORed with the plaintext to produce the ciphertext. This is a synchronous stream cipher mode of operation. The keystream is generated using the DES encryption algorithm:

  z_i = e_K(z_{i−1}), z_0 = IV.
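The AES-128 cipher assembled from the transformations of Section 2 with the key expansion of Algorithm 1, then used for Experiment 1 of Section 1.1 (one flipped plaintext bit) and for the ECB and CBC modes of Section 3. This is an added example, not the handout's code; it assumes a 128-bit key and checks itself against the AES-128 test vector published in FIPS-197 Appendix C.

```python
"""AES-128 from the Section 2 transformations, used for the Section 1.1 avalanche
experiment and the Section 3 ECB/CBC modes. Added example, not the handout's code."""
from functools import reduce

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p & 0xFF

def gf_inv(x):
    """x^254 = x^-1 in GF(2^8); 0 maps to 0 as FIPS-197 specifies."""
    return reduce(gf_mul, [x] * 254, 1)

def _affine(b):
    """FIPS-197 affine map: b xor its left rotations by 1..4 bits xor 0x63."""
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return b ^ rot(b, 1) ^ rot(b, 2) ^ rot(b, 3) ^ rot(b, 4) ^ 0x63

# The SubBytes lookup table of Fig. 2, generated instead of typed in.
SBOX = [_affine(gf_inv(x)) for x in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def key_expansion(key):
    """Algorithm 1: expand a 16-byte key into 44 words w[0..43] (11 round keys)."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        temp = list(w[i - 1])
        if i % 4 == 0:
            temp = temp[1:] + temp[:1]        # RotWord
            temp = [SBOX[b] for b in temp]    # SubWord
            temp[0] ^= RCON[i // 4 - 1]       # RCon[i/4]; RCon[1] = 01 00 00 00
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])
    return w

# State = flat list of 16 bytes; byte (row r, column c) is s[r + 4*c].
def sub_bytes(s):
    return [SBOX[b] for b in s]

def shift_rows(s):
    """Row r rotated left by r positions: s'[r][c] = s[r][(c + r) mod 4]."""
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s):
    """Each column times a(x) = {03}x^3 + {01}x^2 + {01}x + {02}, modulo x^4 + 1."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
    return out

def add_round_key(s, w, rnd):
    """XOR the state with round key rnd, i.e. words w[4*rnd .. 4*rnd+3]."""
    rk = [b for word in w[4 * rnd:4 * rnd + 4] for b in word]
    return [x ^ k for x, k in zip(s, rk)]

def aes128_encrypt(key, block):
    """Initial AddRoundKey, nine full rounds, then the final round without MixColumns."""
    w = key_expansion(key)
    s = add_round_key(list(block), w, 0)
    for rnd in range(1, 10):
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), w, rnd)
    return bytes(add_round_key(shift_rows(sub_bytes(s)), w, 10))

def avalanche_bits(key, block, bit):
    """Experiment 1 of Section 1.1: flip one plaintext bit, count ciphertext bits that change."""
    other = bytearray(block)
    other[bit // 8] ^= 0x80 >> (bit % 8)
    c1, c2 = aes128_encrypt(key, block), aes128_encrypt(key, bytes(other))
    return sum(bin(x ^ y).count("1") for x, y in zip(c1, c2))

def ecb_encrypt(key, data):
    """ECB: every 16-byte block encrypted independently under the same key."""
    return b"".join(aes128_encrypt(key, data[i:i + 16]) for i in range(0, len(data), 16))

def cbc_encrypt(key, iv, data):
    """CBC, equation (1): y_i = e_K(y_{i-1} xor x_i) with y_0 = IV."""
    out, prev = [], iv
    for i in range(0, len(data), 16):
        prev = aes128_encrypt(key, bytes(x ^ y for x, y in zip(data[i:i + 16], prev)))
        out.append(prev)
    return b"".join(out)
```

The hand calculation in Section 2.6 applies RotWord and the RCon XOR but not SubWord; with SubWord applied as Algorithm 1 requires, the same key gives w[4] = 9b bb e6 b6 and w[5] = fc 99 85 f0.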