DOCSLIB.ORG

Classic Cryptosystems Key Points Modulo Operation Ring Division

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Classic Cryptosystems Key Points Modulo Operation Ring Division 3/1/2014 Ring RRiinngg ZZmm iiss:: ––SetSet of integers: ZZ =={{00,,11,,22,,……,,mm--11}} Classic Cryptosystems mm ––TwoTwo operation: “+” and “ ××”” →→ ≡≡ ∈∈ ““++”” a + b c mod m (c ZZmm)) ×× →→ ×× ≡≡ ∈∈ ““ ” a b d mod m (d ZZmm)) Example: –– m = 77,, ZZ77=={{00,,11,,22,,33,,44,,55,,66}} 66 ++ 55 == 1111 mod 77 == 44 6 ×× 55 == 3300 mod 77 == 22 6622//٤٤ ١١ Key Points Ring Z mm Properties & Operations Field: set of elements with + & * IdentityIdentity:: additive ‘‘00’’ , multiplicative ‘11’’‘ Modular Arithmetic: reduces all aa++00=a=a , ,a ××a11=a=a mod m numbers to fixed set [[00……nn--11]] InverseInverse:: additive ‘--a’,‘ a’, multiplicative ‘a --11’’ GCD: largest positive integer dividing aa++((--aa))==00mod mod m, m, a ××a aa--11 ==11 mod m Finite Field: finite number of elements Multiplicative inverse exist if gcd (a,m) = 11 n Order Finite Field: power of a prime PP Ring Addition and Multiplication is: where n = integer ClosedClosed,, Commutative,Commutative , Associative Finite Field: of order p can be defined using normal arithmetic mod p 6622//٥٥ 6622//٢٢ Modulo Operation Division on Ring ZZmm QQ::WhatWhat is 1122 mod 99?? Ring Division: 44//1155 mod 2266?????? AA::1122 mod 9 ≡≡33 44//1155 mod 2266 == 44 ×× 1155--11 mod 2266 LLeett a,r,m ∈∈ ΖΖ 1155--11 mod 2266existexist if gcd(1155,,2266))==11gcd( 1155--11 mod 2266 == 77 ((Ζ = set of all integers ) and mm >>00.. 44//1155 mod 2266 == 44××7 mod 2266 == 2288 mod 2266==22 We write r ≡ a mod m if m ––rr divides aa.. Note that the modulo operation can be applied mm is called the modulus. whenever we want: rr is called the remainder. (a + b) mod m = [(a mod m)+ (b mod m)] mod m q · a = m --rr 0 ≤ r< m ((aa ×× b) mod m = [(a mod m) ×× (b mod m)] mod m 6622//٦٦ 6622//٣٣ 1 3/1/2014 Exponentiation in ZZ mm Substitution Ring Exponentiation: 338 mod 77 ==?????? 338 mod 77 == 6561 mod 77 6561 mod 77 == 22 →→ 66556611==((993377××77))++22 A => 0 Or = 3388 == 4433××3344== 2233××3322××3322××3322 NUCLEAR B => 1 8 2 ×× 2 ×× 2 C => 2 33 mod 77 == [[((33 mod 77)) ((33 mod 77)) ((33 mod 77)) Key ××((332 mod 77)])] mod 77 D => 3 E => 4 338 mod 77 == ((22 ×× 2 ×× 2 ×× 22)) mod 77 == 1166 mod 77==22 Encryption .. Note that ring ΖΖmm (modulo arithmetic) is of .. central importance to modern publicpublic--kkeeyy cryptography. In practice,the order of the .. integers involved in PKC are in the range of[of[22116600 , 13 20 2 11 4 0 17 X => 23 2211002244]. Perhaps even larger Y => 24 Z => 25 6622//١١٠٠ 6622//٧٧ Advance Substitution Classic Cryptography (Random) Key Substitution A => D F => I K => N P => S U => G B => A G => J L => O Q => F V => Y Transposition C => T H => U M => P R => K W => Q Enigma Machine D => X I => L N => Z S => V X => E SShihifftt E => H J => R O => M T => W Y => B Z => C Affine Vigenere Block (Hill) Vernam (one time pad) NUCLEAR Encryption ??????? Stream 6622//١١١١ 6622//٨٨ Substitution Transposition (Permutation) Substitution reserves places A => B But NUCLEAR B => C Transposition reserves content C => D D => E Key E => F Encryption .. .. .. NUCLEAR Encryption LUCNARE OVDMFBS X => Y Y => Z Z => A 6622//١١٢٢ 6622//٩٩ 2 3/1/2014 Breaking a Transposition (Permutation) Monoalphabetic Substitution X ydis pq yjc xzpvpyw ya icqdepzc ayjceq xq COMPUTER ENGINEER A tact is the ability to describe others as yjcw qcc yjcuqcvrcq. Encryption Cipher text they see themselves. COM PUT Xzexjxu Vpsdavs CPEEIE.OURNNR.MT GE . ER Abraham Lincoln ENG I NE Character Frequency: c-10, y-8, q-7, x-6, j-5, p-5, v-4, d-3 ER a-3, e-3, z-3, s-2, u-2, w-2, i-1, r-1 6622//Alphabet frequency: e t a o i n s r h l d c u m f p g w y b v k x j q z١١٦٦ 6622//١١٣٣ Security Enigma Machine GermanyGermany--WorldWorld War 11 Encryption: Keys are typed in normally Machine output: Cipher text -- encrypted message typed on paper Decryption: Normal typing cipher text ––MachineMachine output: Plain text on paper Keys: Mechanical rotors 6622//١١٧٧ 6622//١١٤٤ Wheel Cipher 6622//١١٨٨ 6622//١١٥٥ 3 3/1/2014 Shift Cipher Analysis Affine Cipher Algorithm: Alphabet letters are substituted by numbers: Encryption: Ek(x) = y = α· x + β mod 26. Key: k = (α, β) where α, β ∈ Ζ Key Space??? AA BB CC DD EE FF GG HH II JJ KK LL MM 26 Key space = 26 . 26 = 676 Possibilities are they all possible? 00 11 22 33 44 55 66 77 88 99 1100 1111 1122 NN OO PP QQ RR SS TT UU VV WW XX YY ZZ Example: 1133 1144 1155 1166 1177 1188 1199 2200 2211 2222 2233 2244 2255 k = (α, β) = (13, 4) INPUT = (8, 13, 15, 20, 19) RRiingng::ZZ x = plaintext k = key Y = (4, 17, 17, 4, 17) = ERRER 2626 ALTER = (0, 11, 19, 4, 17) –– EE (x) = x + k mod 26 ((EncryptionEncryption)) kk Y = (4, 17, 17, 4, 17) = ERRER –– DD (x) = x ––kk mod 26 ((DecryptionDecryption)) kk No one-to-one map within plaintext and ciphertext. What went wrong? 6622//٢٢٢٢ -1 6622//١١٩٩ Caser Cipher: k = 33 Decryption: D k(x) = x = α · y +γ Affine Cipher Analysis Caesar Shift Key Space: β can be any number in Ζ26 ⇒ 26 possibilities -1 Since α has to exist, only selected integers in Ζ26 are useful .e.g. gcd( α, 26) = 1. {1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25} Therefore, the key space has 12 · 26 = 312 candidates. Attack types: PLAINTEXT a b c d e f g h i j k l m 1. Ciphertext only: exhaustive search or frequency analysis 2. Known plaintext: two letters in the plaintext and corresponding ciphertext letters CIPHERTEXT D E F G H I J K L M N O P would be sufficient to find the key. n o p q r s t u v w x y z PLAINTEXT Example : plaintext: IF=(8, 5) and ciphertext PQ=(15, 16) CIPHERTEXT Q R S T U V W X Y Z A B C – 8 · α + β ≡ 15 mod 26 – 5 · α + β ≡ 16 mod 26 → α = 17 and β = 9 What happens if we have only one letter of known plaintext? 3. Chosen plaintext: Chose A and B as the plaintext. The first character of the Hello There → khoor wkhuh ciphertext will be equal to 0·α + β = β and the second will be α + β. 4. Chosen ciphertext : Chose A and B as the ciphertext. 6622//٢٢٣٣ 6622//٢٢٠٠ Shift Cipher Example Vigenere Cipher Assume: key k = 17 Vigenere Cipher encrypts mm Plaintext: X = A T T A C K = (0, 19, 19, 0, 2, 10). Ciphertext: Y = (0+17 mod 26, 19+17 mod 26,…) alphabetic characters at a time Y = (17, 10, 10, 17, 19, 1) = R K K R T B Attacks on Shift Cipher each plaintext element is equivalent 1. Exhaustive Search: ttoo mm alphabetic characters – Try all possible keys. |K|= 26. – Nowadays, for moderate security, |K| ≥280 , – recommended security |K| ≥2100 . key KK is a keyword that associate 2. Letter frequency analysis (Same plaintext maps to same ciphertext) with an alphabetic string of length mm 6622//٢٢٤٤ 6622//٢٢١١ 4 3/1/2014 Example Block ciphers Substitution ciphers: changing one letter in the plaintext changes mm == 55;;KK == ((22,, 88,, 1155,, 77,, 2200)).. exactly one letter in the ciphertext. P = 44,,55,,22,,88,,1111,,22,,1144,,2200,,11,,22,,44,,55,,1166 This greatly facilitates finding the key using frequency analysis. Block ciphers: prevents this by encrypting a block of letters simultaneously. Encryption: Many of the modern (symmetric) cryptosystems are block ciphers. 44 55 22 88 111122 1144220011 22 33 44 55 1166 DES operates on 64 bits of blocks 22 88 115577 220022 88 115577 220022 88 115577 AES uses blocks of 128 bits (192 and 256 are also possible). 66 113311771155331144 222299 88 222255 112222002233 Example: Hill Cipher (1929) The key is an n × n matrix whose entries are integers in Ζ26 . 6622//٢٢٨٨ 6622//٢٢٥٥ Vigenere Cipher Secrecy Block cipher: Hill cipher number of possible keywords of length mm 2266mm Encryption: vector-matrix multiplication if mm == ,55, then then the the keyspace keyspace has has size size exceeding exceeding 11..11 ×× 110077. 1 2 3 This is already large enough to preclude Example: Let n=3, key matrix ‘M’ be M = 4 5 6 exhaustive key search by hand (but not by 11 9 8 computer). assume the plaintext is ABC=(0,1,2) having keyword length mm, an alphabetic 1 2 3 character can be mapped to one of mm possible )2,1,0( × 4 5 6 ≡ (26,23,22)mod26= (0,23,22) ⇒ AXW (ciphertext ) alphabetic characters (assuming that the keyword contains mm distinct characters). 11 9 8 Such a cryptosystem is called polyalphabetic . Decryption: 22 5 1 In general, cryptanalysis is more difficult for 22 5 1 = polyalphabetic than for monoalphabetic inverse ‘N’ of key matrix M is needed: N 6 17 24 cryptosystems. (0,23,22) × 6 17 24 ≡ (468,677,574)mod26= (0,1,2) ⇒15ABC 13( plain 1 − text ) 6622//٢٢٩٩ 15 13 1 6622//٢٢٦٦ Vigenere Cipher Attack Hill Cipher If we change one letter in the plaintext, all the letters of observe two identical segments in the ciphertext will be affected.
Load more

Recommended publications
  • Breaking Crypto Without Keys: Analyzing Data in Web Applications Chris Eng
    Breaking Crypto Without Keys: Analyzing Data in Web Applications Chris Eng 1 Introduction – Chris Eng _ Director of Security Services, Veracode _ Former occupations . 2000-2006: Senior Consulting Services Technical Lead with Symantec Professional Services (@stake up until October 2004) . 1998-2000: US Department of Defense _ Primary areas of expertise . Web Application Penetration Testing . Network Penetration Testing . Product (COTS) Penetration Testing . Exploit Development (well, a long time ago...) _ Lead developer for @stake’s now-extinct WebProxy tool 2 Assumptions _ This talk is aimed primarily at penetration testers but should also be useful for developers to understand how your application might be vulnerable _ Assumes basic understanding of cryptographic terms but requires no understanding of the underlying math, etc. 3 Agenda 1 Problem Statement 2 Crypto Refresher 3 Analysis Techniques 4 Case Studies 5 Q & A 4 Problem Statement 5 Problem Statement _ What do you do when you encounter unknown data in web applications? . Cookies . Hidden fields . GET/POST parameters _ How can you tell if something is encrypted or trivially encoded? _ How much do I really have to know about cryptography in order to exploit implementation weaknesses? 6 Goals _ Understand some basic techniques for analyzing and breaking down unknown data _ Understand and recognize characteristics of bad crypto implementations _ Apply techniques to real-world penetration tests 7 Crypto Refresher 8 Types of Ciphers _ Block Cipher . Operates on fixed-length groups of bits, called blocks . Block sizes vary depending on the algorithm (most algorithms support several different block sizes) . Several different modes of operation for encrypting messages longer than the basic block size .
    [Show full text]
  • SGX Secure Enclaves in Practice Security and Crypto Review
    SGX Secure Enclaves in Practice Security and Crypto Review JP Aumasson, Luis Merino This talk ● First SGX review from real hardware and SDK ● Revealing undocumented parts of SGX ● Tool and application releases Props Victor Costan (MIT) Shay Gueron (Intel) Simon Johnson (Intel) Samuel Neves (Uni Coimbra) Joanna Rutkowska (Invisible Things Lab) Arrigo Triulzi Dan Zimmerman (Intel) Kudelski Security for supporting this research Agenda .theory What's SGX, how secure is it? .practice Developing for SGX on Windows and Linux .theory Cryptography schemes and implementations .practice Our projects: reencryption, metadata extraction What's SGX, how secure is it? New instruction set in Skylake Intel CPUs since autumn 2015 SGX as a reverse sandbox Protects enclaves of code/data from ● Operating System, or hypervisor ● BIOS, firmware, drivers ● System Management Mode (SMM) ○ aka ring -2 ○ Software “between BIOS and OS” ● Intel Management Engine (ME) ○ aka ring -3 ○ “CPU in the CPU” ● By extension, any remote attack = reverse sandbox Simplified workflow 1. Write enclave program (no secrets) 2. Get it attested (signed, bound to a CPU) 3. Provision secrets, from a remote client 4. Run enclave program in the CPU 5. Get the result, and a proof that it's the result of the intended computation Example: make reverse engineer impossible 1. Enclave generates a key pair a. Seals the private key b. Shares the public key with the authenticated client 2. Client sends code encrypted with the enclave's public key 3. CPU decrypts the code and executes it A trusted
    [Show full text]
  • Bias in the LEVIATHAN Stream Cipher
    Bias in the LEVIATHAN Stream Cipher Paul Crowley1? and Stefan Lucks2?? 1 cryptolabs Amsterdam [email protected] 2 University of Mannheim [email protected] Abstract. We show two methods of distinguishing the LEVIATHAN stream cipher from a random stream using 236 bytes of output and pro- portional effort; both arise from compression within the cipher. The first models the cipher as two random functions in sequence, and shows that the probability of a collision in 64-bit output blocks is doubled as a re- sult; the second shows artifacts where the same inputs are presented to the key-dependent S-boxes in the final stage of the cipher for two suc- cessive outputs. Both distinguishers are demonstrated with experiments on a reduced variant of the cipher. 1 Introduction LEVIATHAN [5] is a stream cipher proposed by David McGrew and Scott Fluhrer for the NESSIE project [6]. Like most stream ciphers, it maps a key onto a pseudorandom keystream that can be XORed with the plaintext to generate the ciphertext. But it is unusual in that the keystream need not be generated in strict order from byte 0 onwards; arbitrary ranges of the keystream may be generated efficiently without the cost of generating and discarding all prior val- ues. In other words, the keystream is “seekable”. This property allows data from any part of a large encrypted file to be retrieved efficiently, without decrypting the whole file prior to the desired point; it is also useful for applications such as IPsec [2]. Other stream ciphers with this property include block ciphers in CTR mode [3].
    [Show full text]
  • RC4-2S: RC4 Stream Cipher with Two State Tables
    RC4-2S: RC4 Stream Cipher with Two State Tables Maytham M. Hammood, Kenji Yoshigoe and Ali M. Sagheer Abstract One of the most important symmetric cryptographic algorithms is Rivest Cipher 4 (RC4) stream cipher which can be applied to many security applications in real time security. However, RC4 cipher shows some weaknesses including a correlation problem between the public known outputs of the internal state. We propose RC4 stream cipher with two state tables (RC4-2S) as an enhancement to RC4. RC4-2S stream cipher system solves the correlation problem between the public known outputs of the internal state using permutation between state 1 (S1) and state 2 (S2). Furthermore, key generation time of the RC4-2S is faster than that of the original RC4 due to less number of operations per a key generation required by the former. The experimental results confirm that the output streams generated by the RC4-2S are more random than that generated by RC4 while requiring less time than RC4. Moreover, RC4-2S’s high resistivity protects against many attacks vulnerable to RC4 and solves several weaknesses of RC4 such as distinguishing attack. Keywords Stream cipher Á RC4 Á Pseudo-random number generator This work is based in part, upon research supported by the National Science Foundation (under Grant Nos. CNS-0855248 and EPS-0918970). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author (s) and do not necessarily reflect the views of the funding agencies or those of the employers. M. M. Hammood Applied Science, University of Arkansas at Little Rock, Little Rock, USA e-mail: [email protected] K.
    [Show full text]
  • A Software-Optimized Encryption Algorithm
    To app ear in J of CryptologyFull version of Last revised Septemb er A SoftwareOptimized Encryption Algorithm Phillip Rogaway and Don Copp ersmith Department of Computer Science Engineering I I Buildin g University of California Davis CA USA rogawaycsucdavisedu IBM TJ Watson ResearchCenter PO Box Yorktown Heights NY USA copp erwatsonibmcom Abstract We describ e a softwareecient encryption algorithm named SEAL Computational cost on a mo dern bit pro cessor is ab out clo ck cycles p er byte of text The cipher is a pseudorandom function family under control of a key rst prepro cessed into an internal table it stretches a bit p osition index into a long pseudorandom string This string can b e used as the keystream of a Vernam cipher Key words Cryptography Encryption Fast encryption Pseudoran dom function family Software encryption Stream cipher Intro duction Encrypting Fast In Software Encryption must often b e p erformed at high data rates a requirement sometimes met with the help of supp orting crypto graphic hardware Unfortunately cryptographic hardware is often absent and data condentiality is sacriced b ecause the cost of software cryptographyis deemed to b e excessive The computational cost of software cryptography is a function of the under y of its implementation But regardless of imple lying algorithm and the qualit mentation a cryptographic algorithm designed to run well in hardware will not p erform in software as well as an algorithm optimized for software execution The hardwareoriented Data Encryption Algorithm DES
    [Show full text]
  • Read Paper (In PDF)
    The Performance Measurement of Cryptographic Primitives on Palm Devices £ Duncan S. Wong, Hector Ho Fuentes and Agnes H. Chan College of Computer Science Northeastern University Boston, MA 02115, USA g fswong, hhofuent, ahchan @ccs.neu.edu Abstract which take only a few milliseconds or less and are widely used in securing data, performing authentication and in- We developed and evaluated several cryptographic sys- tegrity check on desktop machines, may spend seconds or tem libraries for Palm OS Ö which include stream and even minutes to carry out on a PalmPilot. Furthermore, the block ciphers, hash functions and multiple-precision integer memory space on low-power handheld devices are usually arithmetic operations. We noted that the encryption speed limited which may also introduce new challenges on the im- of SSC2 outperforms both ARC4 (Alleged RC4) and SEAL plementation of cryptosystems. Hence it is critical for users 3.0 if the plaintext is small. On the other hand, SEAL 3.0 to choose appropriate algorithms for the implementation of almost doubles the speed of SSC2 when the plaintext is con- cryptosystems on low-power devices. siderably large. We also observed that the optimized Rijn- We developed several cryptographic system libraries for dael with 8KB of lookup tables is 4 times faster than DES. Palm OS which include the following algorithms: In addition, our results show that implementing the cryp- tographic algorithms as system libraries does not degrade Stream Ciphers We tested the encryption speed of three their performance significantly. Instead, they provide great stream ciphers: SSC2 [11], ARC4 (Alleged RC4)1 and flexibility and code management to the algorithms.
    [Show full text]
  • 1 Stream Ciphers Vs. Block Ciphers
    CS 127/CSCI E-127: Introduction to Cryptography Prof. Salil Vadhan Fall 2013 Lecture Notes 13: Private-Key Encryption in Practice Reading. • KatzLindell 2nd edition 3.6,6.0,6.2.0-6.2.3,6.2.5 or 1st edition 3.6,5.0,5.2.0-5.2.3,5.2.5 1 Stream Ciphers vs. Block Ciphers • In practice, people use direct constructions of candidate stream ciphers (PRGs with unbounded output length) and block ciphers (like PRFs, discussed below). typically designed for xed nite key length n (not asymptotic) much faster than the full constructions we've seen based on one-way functions, hardness of factoring, etc. designed with aim of having brute-force search being the best attack (so secure against algorithms running in time nearly 2n) but design and security analysis is more of an art than a science • Stream Ciphers Essentially meant to be pseudorandom generators, used for stateful encryption. Examples: linear feedback shift registers (not secure, but used as component in better stream ciphers), RC4, SEAL, ... Extremely simple and fast Practical issues: can generate pseudorandom bits oine and decrypt very quickly without buering, but requires synchronization • Block ciphers For every key n, ` ` is a permutation, and both and −1 k 2 f0; 1g fk : f0; 1g ! f0; 1g fk fk can be computed quickly given k.(n=key length, ` = block length) Examples: DES, AES/Rijndael, IDEA, ... Main tools for private-key encryption in practice. Have both stateless modes and stateful/stream-like modes. • How are they designed? More of an art than science.
    [Show full text]
  • Classic Cryptosystems
    Classic Cryptosystems ١ ١ Key Points Field: set of elements with + & * Modular Arithmetic: reduces all numbers to fixed set [[00…n…n--11]] GCD: largest positive integer dividing Finite Field: finite number of elements Order Finite Field: power of a prime Pn where n = integer Finite Field: of order p can be defined using normal arithmetic mod p 6262//٢٢ Modulo Operation Q: What is 12 mod 9??9 A: 12 mod 9 ≡3≡3 Let a,r,m ∈ Ζ ((Ζ = set of all integers ) and m >0.. We write r ≡ a mod m if m––rr divides a.. m is called the modulus. rr is called the remainder. q · a = m --rr 0 ≤ r< m 6262//٣٣ Ring Ring Zm is: – Set of integers: Zm={00,,11,,22,…,m,…,m--11}} – Two operation: “+” and “ ××”” → ≡≡ ∈ “+” a + b c mod m (c Zmm)) ×× → ×× ≡≡ ∈ ““ ” a b d mod m (d Zmm)) Example: – m = 7,7, Z77={00,,11,,22,,33,,44,,55,,66}} 6 + 5 = 11 mod 7 = 44 6 ×× 5 = 30 mod 7 = 22 6262//٤٤ Ring Zm Properties & Operations Identity: additive ‘‘00’’ , multiplicative ‘1‘ 1’’ a+00=a=a , a××11=a=a mod m Inverse: additive ‘‘--a’,a’, multiplicative ‘a--11’’ a+( --a)=0 mod m, a×× a--11 =1 mod m Multiplicative inverse exist if gcd (a,m) = 1 Ring Addition and Multiplication is: Closed, Commutative, Associative 6262//٥٥ Division on Ring Zm Ring Division: 44//1515 mod 26??? 44//1515 mod 26 = 4 ×× 1515 --11 mod 2626 1515 --11 mod 2626exist if gcd(1515,,2626)=gcd( )=11 1515 --11 mod 26 = 7 4//15 mod 26 = 4××7 mod 26 = 28 mod 26=2 Note that the modulo operation can be applied whenever we want: (a + b) mod m = [(a mod m)+ (b mod m)] mod m (a ×× b) mod m = [(a mod m) ×× (b mod m)] mod m 6262//٦٦ Exponentiation in Zm Ring Exponentiation: 338 mod 7 =??? 338 mod 7 = 6561 mod 77 6561 mod 7 = 2 → 65616561=(=(937937 ××77)+)+22 Or = 3388 = 3344××3344= 3322××3322××3322××3322 338 mod 7 = [( 332 mod 77))××((332 mod 77)) ××((332 mod 77)) ××((332 mod 77)])] mod 77 338 mod 7 = (2( 2 ×× 2 ×× 2 ×× 22)) mod 7 = 16 mod 77==22 Note that ring Ζmm (modulo arithmetic) is of central importance to modern publicpublic--keykey cryptography.
    [Show full text]
  • Symmetric Cryptography
    University of Karlsruhe Advanced Systems Seminar Summer Term 2003 Symmetric Cryptography Daniel Grund 2003/07/01 Abstract Making systems secure is becoming more and more important nowadays. In most cases, isolation of sensitive data is not possible and systems therefore rely on cryptography for secure storage or transmission. This document will focus on classic cryptography, also called symmetric or secret key cryptogra- phy. It will present general concepts and some examples, allowing the reader to get a more detailed view of the internal work of ciphers. It will not discuss cryptanalysis. Key Words: Stream Cipher, Block Cipher, DES, AES, One Time Pad, Electronic Code Book, Cipher Block Chaining, Output Feedback, Cipher Feedback Contents 1 Introduction 3 1.1 Stream Ciphers .......................... 3 1.2 Block Ciphers ........................... 4 2 Operation modes 5 2.1 Synchronous ............................ 5 2.2 Asynchronous ........................... 6 2.3 Electronic Code Book ....................... 6 2.4 Cipher Block Chaining ...................... 6 2.5 Output Feedback ......................... 7 2.6 Cipher Feedback ......................... 7 2.7 Comparsion ............................ 8 3 Examples 10 3.1 DES ................................ 10 3.1.1 History ........................... 10 3.1.2 The Algorithm ...................... 11 3.1.3 Key Expansion ...................... 11 3.1.4 Initial Permutation .................... 11 3.1.5 A DES Round ....................... 11 3.1.6 The Round Function ................... 12 3.1.7 Decryption ........................ 13 3.1.8 Security of DES ...................... 13 3.1.9 Improvements on DES .................. 13 3.2 AES ................................ 14 3.2.1 History ........................... 14 3.2.2 The Algorithm ...................... 14 3.2.3 Key Schedule ....................... 14 3.2.4 The Round Transformation ............... 15 3.2.5 ByteSub .......................... 15 3.2.6 ShiftRow .........................
    [Show full text]
  • SNOW - a New Stream Cipher?
    SNOW - a new stream cipher? Patrik Ekdahl, Thomas Johansson Dept. of Information Technology Lund University, P.O. Box 118, 221 00 Lund, Sweden {patrik,thomas}@it.lth.se November 22, 2001 Abstract. In this paper a new word-oriented stream cipher, called SNOW, is proposed. The design of the cipher is quite simple, consisting of a linear feedback shift register, feeding a nite state machine. The design goals of producing a stream cipher signicantly faster than AES, with signicantly lower implementation costs in hardware, and a security level similar to AES is currently met. Our fastest C implemen- tation requires under 1 clock cycle per running key bit. The best attacks are generic attacks like an exhaustive key search attack. Keywords. SNOW, Stream ciphers, summation combiner, correlation attacks. 1 Introduction Cipher systems are usually subdivided into block ciphers and stream ciphers. Block ciphers tend to simultaneously encrypt groups of characters, whereas stream ciphers operate on individual characters of a plaintext message one at a time. A binary additive stream cipher is a synchronous stream cipher in which the keystream, the plaintext and the ciphertext are sequences of binary digits. The output of the keystream generator, called the running key, z(1); z(2);::: is added symbolwise to the plaintext sequence m(1); m(2);:::, producing the ciphertext c(1); c(2);:::. Each secret key k as input to the keystream generator corresponds to an output sequence. Since the secret key k is shared between the transmitter and the receiver, the receiver can decrypt by subtracting the output of the keystream generator from the ciphertext, obtaining the message sequence.
    [Show full text]
  • Enhancing Security and Speed of RC4
    International Journal of Computing and Network Technology ISSN 2210-1519 Int. J. Com. Net. Teach. 3, No. 2 (May 2015) Enhancing Security and Speed of RC4 Maytham M. Hammood1, 2, Kenji Yoshigoe1and Ali M. Sagheer3 1 Department of Computer Science, University of Arkansas at Little Rock, Little Rock, USA 2Department of Computer Science and Mathematics, University of Tikrit, Iraq 3Computer College, University of Anbar, Iraq Received: 10 Dec. 2014, Revised: 15 March, 2015, Accepted: 1 April 2015, Published: 1 (May) 2015 Abstract: Wireless communication security is a critical factor for secure communication among large scale of wireless networks. A limited resource constraint, such as power and memory size presents a significant challenge to implement existing cryptographic algorithms. One of the most important symmetric cryptographic algorithms is Rivest Cipher 4 (RC4) stream cipherthatis utilized in many real-time security applications. However, the RC4 cipher shows some weaknesses, including a correlation problem between the public known outputs of the internal state. In this paper, we propose RC4 stream cipher with a random initial state (RRC4) to solve the weak keys problem of the RC4 using a random initialization of internal state S. We also propose RC4 stream cipher with two state tables (RC4-2S) to solve the correlation problem between the public known outputs of the internal state using permutation between state1 (S1) and state 2 (S2) while requiring less time than RC4. Finally, we propose RC4 stream cipher with two state tables togenerate four keys (RC4-2S+) in each cycle which further enhances randomness overRC4-2S and RRC4. Keywords: Encryption, Stream Cipher, RC4, Random Number Generator attack can cause immediate loss of synchronization [3].
    [Show full text]
  • Scream: a Software-Efficient Stream Cipher
    Scream: a software-efficient stream cipher Shai Halevi Don Coppersmith Charanjit Jutla IBM T. J. Watson Research Center P.O. Box 704, Yorktown Heights, NY 10598, USA shaih,copper,csjutla @watson.ibm.com f g June 5, 2002 Abstract We report on the design of Scream, a new software-efficient stream cipher, which was designed to be a \more secure SEAL". Following SEAL, the design of Scream resembles in many ways a block-cipher design. The new cipher is roughly as fast as SEAL, but we believe that it offers a significantly higher security level. In the process of designing this cipher, we re-visit the SEAL design paradigm, exhibiting some tradeoffs and limitations. Key words: Stream ciphers, Block ciphers, Round functions, SEAL. 1 Introduction A stream cipher (or pseudorandom generator) is an algorithm that takes a short random string, and expands it into a much longer string, that still \looks random" to adversaries with limited resources. The short input string is called the seed (or key) of the cipher, and the long output string is called the output stream (or key-stream). Stream ciphers can be used for shared-key encryption, by using the output stream as a one-time-pad. In this work we aim to design a secure stream cipher that has very fast implementations in software. 1.1 A more secure SEAL The starting point of our work was the SEAL cipher. SEAL was designed in 1992 by Rogaway and Coppersmith [6], specifically for the purpose of obtaining a software efficient stream cipher. Nearly ten years after it was designed, SEAL is still the fastest steam cipher for software implementations on contemporary PC's, with \C" implementations running at 5 cycle/byte on common PC's (and 3.5 cycle/byte on some RISC workstations).
    [Show full text]