DOCSLIB.ORG

Cracking DES : Secrets of Encryption Research, Wiretap Politics & Chip

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cracking DES : Secrets of Encryption Research, Wiretap Politics & Chip cracking Secrets of How federal Encryption Research agencies Wiretap Politics subuert & Chip Design priuacv e ELECTRONIC FRONTIER FOUNDATION Digitized by the Internet Archive in 2013 http://archive.org/details/crackingdessecreOOelec Cracking DES Cracking DES Secrets ofEncryption Research, Wiretap Politics & Chip Design Electronic Frontier Foundation Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design by the Electronic Frontier Foundation With the exceptions noted, this book and all of its contents are in the public domain. Published in 1998 by the Electronic Frontier Foundation. Printed in the United States of America. No rights reserved. Every part of this book, except as noted below, may be reproduced, in any form or by any means, without permission in writing from the publisher. Because this material is in the public domain, permission to reproduce, use, copy, modify, and distribute this material for any purpose and without fee is hereby granted. The test-file, bootstrap, and bootstrap2 listings in Chapter 4 are Copyright © 1997 by Network Associates, Inc. These listings may be reproduced in whole or in part without payment of royalties. Chapter 10, Architectural Considerations for Cryptanalytic Hardware, is Copyright ©1996 by the authors, Ian Goldberg and David Wagner. It may not be reproduced without the permission of the authors, who can be reached at [email protected] and [email protected]. Chapter 11, Efficient DES Key Search: An Update, is Copyright © 1997 by Entrust Technologies. It may be reproduced in whole or in part without payment of royalties. Chapter 9, Breaking One Million DES Keys, is Copyright © 1986. Work done at the University of Leuven, Belgium, and supported by the NFWO, Belgium. It may not be repro- duced without the permission of the author, who can be reached at [email protected]. Distributed by O'Reilly & Associates, Inc., 101 Morris Street, Sebastopol, CA 95472. Printing History: May 1998: First Edition. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed in caps or initial caps. While many precautions have been taken in the preparation of this book, the publisher and distributor assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. This book is printed on acid-free paper with 85% recycled content, 15% post-consumer waste. O'Reilly & Associates is committed to using paper with the highest recycled content available consistent with high quality. ISBN: 1-56592-520-3 [9/98] Table of Contents Foreword ix Preface xiii 1: Overview /-/ Politics of Decryption 1-1 Goals 1-7 History of DES Cracking 1-8 EFF's DES Cracker Project 1-8 Architecture 1-9 Who Else Is Cracking DES? 1-16 What To Do If You Depend On DES 1-17 Conclusion 1-18 2: Design for DES Key Search Array 2-1 On-Chip Registers 2-1 Commands 2-4 Search Unit Operation 2-4 Sample Programming Descriptions 2-5 Scalability and Performance 2-9 Host Computer Software 2-9 Glossary 2-10 vi Table of Contents 3: Design for DES Key Search Array Chip-Level Specification 3-1 ASIC Description 3-1 Board description 3-3 Read and Write Timing 3-5 Addressing Registers 3-7 All-active Signal 3-7 ASIC Register Allocation 3-8 4: Scanning the Source Code 4-1 The Politics of Cryptographic Source Code 4-1 The Paper Publishing Exception 4-2 Scanning 4-4 Bootstrapping 4-5 5: Software Source Code 5-1 6: Chip Source Code 6-1 7: Chip Simulator Source Code 7-1 8: Hardware Board Schematics 8-1 Board Schematics 8-1 Sun-4/470 backplane modifications 8-10 PC Interfaces 8-12 Errata 8-13 9: Breaking One Million DES Keys by Yvo Desmedt 9-1 Abstract 9-1 Introduction 9-1 The basic idea 9-2 Details of such a machine 9-2 Obtained results and remarks 9-4 Conclusion 9-4 Acknowledgement 9-5 Table of Contents vii 10: Architectural Considerations for Cryptanalytic Hardware .. 10-1 Abstract 10-1 Introduction 10-1 Motivation 10-2 Related work 10-4 Technical Approach 10-6 Design and Analysis 10-8 Future work 10-23 Conclusions 10-23 Acknowledgements 10-24 Availability 10-24 References 10-24 — 11: Efficient DES Key Search An Update by Michael J. Wiener 11-1 Advancing Technology 11-2 Programmable Hardware 11-3 Conclusion 11-4 12: Authors 12-1 The Electronic Frontier Foundation 12-1 John Gilmore 12-2 Cryptography Research 12-2 Paul Kocher 12-3 Advanced Wireless Technologies 12-3 Foreword by Whitfield Dijfie In 1974 the Stanford computer science community ate at Loui's.* As I sat eating one evening in the fall, Butler Lampson approached me, and in the course of inquiring what I was doing, remarked that the IBM Lucifer system was about to be made a national standard. I hadn't known it, and it set me thinking. My thoughts went as follows: NSA doesn't want a strong cryptosystem as a national standard, because it is afraid of not being able to read the messages. On the other hand, if NSA endorses a weak cryptographic system and is discovered, it will get a terrible black eye. Hints that Butler was correct began to appear and I spent quite a lot of time think- ing about this problem over the next few months. It led me to think about trap- door cryptosystems and perhaps ultimately public-key cryptography. When the Proposed Data Encryption Standard was released on the 17th of March 1975,* I thought I saw what they had done. The basic system might be ok, but the keyspace was on the small side. It would be hard to search, but not impossible. My first estimate was that a machine could be built for $650M that would break DES in a week. I discussed the idea with Marty Hellman and he took it on with a vengance. Before we were through, the estimated cost had fallen to $20M and the time had declined to a day.* * Louis Kao's Hsi-Nan restaurant in Town and Country Village, Palo Alto t 40 Federal Register 12067 \ Whitfield Diffie and Martin E. Hellman. Exhaustive cryptanalysis of the NBS data encryption stan- dard. Computer, 10(6):74-84, June 1977. IX Foreword by Whitfield Diffie Our paper started a game in the cryptographic community and many papers on searching through DES keys have since been written. About three years after the publication of our paper, Robert Jueneman—then at Satellite Business Systems in McLean, Virginia —wrote "The Data Encryption Standard vs. Exhaustive Search."* This opus was substantially more optimistic about the chances for DES breaking. It predicted that by 1985 a half-million dollar investment would get you a DES key every hour and that by 1995, $10 million similarly spent would reduce that time to two seconds, an estimate remarkably close to one made fifteen years later. A decade later, Yvo Desmedt and Jean-Jaques Quisquater made two contibutions, one whimsical, one serious. Using a related "birthday problem" sort of approach, they proposed a machine for attacking many cryptographic problems at a timet. Their whimsical suggestion took advantage of the fact that the polulation of China was about the square root of the size of the DES key space.* The year 1993 brought a watershed. Michael Wiener of Bell-Northern Research (BNR) designed the most solid paper machine yet.S It would not be too far off to describe it as a Northern Telecom DMS100 telephone switch, specialized to attack- ing DES. What made the paper notworthy was that it used standard Northern Tele- com design techniques from the chips to the boards to the cabinets. It anticipated an investment of under a million dollars for a machine that would recover a key every three hours. A provocative aside was the observation that the required bud- get could be hidden in a director's budget at BNR. Finally, in 1996, an estimate was prepared by not one or two cryptographers but by a group later, and not entirely sympathetically, called the magnificent seven. 11 This estimate outlined three basic approaches loosely correlated with three levels of resources. At the cheap end was scrounging up time on computers you didn't need to own. In the middle was using programmable logic arrays, possibly PLA machines built for some other purpose such as chip simulation. The high end was the latest refinement of the custom chip approach. * R. R. Jueneman, The Data Encryption Standard vs. Exhaustive Search: Practicalities and Politics. 5 Feb 1981. f Yvo Desmedt, "An Exhaustive Key Search Machine Breaking One Million DES Keys", presented at Eurocrypt 1987. Chapter 9 of this book. t Jean-Jacques Quisquater and Yvo G. Desmedt, Chinese Lotto as an Exhaustive Code-Breaking Machine, Computer, 24(11): 14-22, November 1991. § Michael Wiener, "Efficient DES Key Search", presented at the Rump session of Crypto '93. Reprinted in Practical Cryptography for Data Internetworks, W. Stallings, editor, IEEE Computer Society Press, pp. 31-79 (1996). Currently available at ftp://ripem.msu.edu/pub/crypt/docs/des-key- search.ps. II Matt Blaze, Whitfield Diffie, Ronald L. Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson, and Michael Wiener. "Minimal key lengths for symmetric ciphers to provide adequate commercial security: A report by an ad hoc group of cryptographers and computer scientists", January 1996. Avail- able at http: //www. bsa.org /policy /encrypt ion /cryptographers .html. Foreword by Whitfield Dijfie Exhaustive key search is a surprising problem to have enjoyed such popularity.
Load more

Recommended publications
  • A Quantitative Study of Advanced Encryption Standard Performance
    United States Military Academy USMA Digital Commons West Point ETD 12-2018 A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility Daniel Hawthorne United States Military Academy, [email protected] Follow this and additional works at: https://digitalcommons.usmalibrary.org/faculty_etd Part of the Information Security Commons Recommended Citation Hawthorne, Daniel, "A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility" (2018). West Point ETD. 9. https://digitalcommons.usmalibrary.org/faculty_etd/9 This Doctoral Dissertation is brought to you for free and open access by USMA Digital Commons. It has been accepted for inclusion in West Point ETD by an authorized administrator of USMA Digital Commons. For more information, please contact [email protected]. A QUANTITATIVE STUDY OF ADVANCED ENCRYPTION STANDARD PERFORMANCE AS IT RELATES TO CRYPTOGRAPHIC ATTACK FEASIBILITY A Dissertation Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Computer Science By Daniel Stephen Hawthorne Colorado Technical University December, 2018 Committee Dr. Richard Livingood, Ph.D., Chair Dr. Kelly Hughes, DCS, Committee Member Dr. James O. Webb, Ph.D., Committee Member December 17, 2018 © Daniel Stephen Hawthorne, 2018 1 Abstract The advanced encryption standard (AES) is the premier symmetric key cryptosystem in use today. Given its prevalence, the security provided by AES is of utmost importance. Technology is advancing at an incredible rate, in both capability and popularity, much faster than its rate of advancement in the late 1990s when AES was selected as the replacement standard for DES. Although the literature surrounding AES is robust, most studies fall into either theoretical or practical yet infeasible.
    [Show full text]
  • New Comparative Study Between DES, 3DES and AES Within Nine Factors
    JOURNAL OF COMPUTING, VOLUME 2, ISSUE 3, MARCH 2010, ISSN 2151-9617 152 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ New Comparative Study Between DES, 3DES and AES within Nine Factors Hamdan.O.Alanazi, B.B.Zaidan, A.A.Zaidan, Hamid A.Jalab, M.Shabbir and Y. Al-Nabhani ABSTRACT---With the rapid development of various multimedia technologies, more and more multimedia data are generated and transmitted in the medical, also the internet allows for wide distribution of digital media data. It becomes much easier to edit, modify and duplicate digital information .Besides that, digital documents are also easy to copy and distribute, therefore it will be faced by many threats. It is a big security and privacy issue, it become necessary to find appropriate protection because of the significance, accuracy and sensitivity of the information. , which may include some sensitive information which should not be accessed by or can only be partially exposed to the general users. Therefore, security and privacy has become an important. Another problem with digital document and video is that undetectable modifications can be made with very simple and widely available equipment, which put the digital material for evidential purposes under question. Cryptography considers one of the techniques which used to protect the important information. In this paper a three algorithm of multimedia encryption schemes have been proposed in the literature and description. The New Comparative Study between DES, 3DES and AES within Nine Factors achieving an efficiency, flexibility and security, which is a challenge of researchers. Index Terms—Data Encryption Standared, Triple Data Encryption Standared, Advance Encryption Standared.
    [Show full text]
  • The Aes Project Any Lessons For
    THE AES PROJECT: Any Lessons for NC3? THOMAS A. BERSON, ANAGRAM LABORATORIES Technology for Global Security | June 23, 2020 THE AES PROJECT: ANY LESSONS FOR NC3? THOMAS A. BERSON JUNE 23, 2020 I. INTRODUCTION In this report, Tom Berson details how lessons from the Advanced Encryption Standard Competition can aid the development of international NC3 components and even be mirrored in the creation of a CATALINK1 community. Tom Berson is a cryptologist and founder of Anagram Laboratories. Contact: [email protected] This paper was prepared for the Antidotes for Emerging NC3 Technical Vulnerabilities, A Scenarios-Based Workshop held October 21-22, 2019 and convened by The Nautilus Institute for Security and Sustainability, Technology for Global Security, The Stanley Center for Peace and Security, and hosted by The Center for International Security and Cooperation (CISAC) Stanford University. A podcast with Tom Berson and Philip Reiner can be found here. It is published simultaneously here by Technology for Global Security and here by Nautilus Institute and is published under a 4.0 International Creative Commons License the terms of which are found here. Acknowledgments: The workshop was funded by the John D. and Catherine T. MacArthur Foundation. Maureen Jerrett provided copy editing services. Banner image is by Lauren Hostetter of Heyhoss Design II. TECH4GS SPECIAL REPORT BY TOM BERSON THE AES PROJECT: ANY LESSONS FOR NC3? JUNE 23, 2020 1. THE AES PROJECT From 1997 through 2001, the National Institute for Standards and Technology (US) (NIST) ran an open, transparent, international competition to design and select a standard block cipher called the Advanced Encryption Standard (AES)2.
    [Show full text]
  • Data Encryption Standard
    Data Encryption Standard The Data Encryption Standard (DES /ˌdiːˌiːˈɛs, dɛz/) is a Data Encryption Standard symmetric-key algorithm for the encryption of electronic data. Although insecure, it was highly influential in the advancement of modern cryptography. Developed in the early 1970s atIBM and based on an earlier design by Horst Feistel, the algorithm was submitted to the National Bureau of Standards (NBS) following the agency's invitation to propose a candidate for the protection of sensitive, unclassified electronic government data. In 1976, after consultation with theNational Security Agency (NSA), the NBS eventually selected a slightly modified version (strengthened against differential cryptanalysis, but weakened against brute-force attacks), which was published as an official Federal Information Processing Standard (FIPS) for the United States in 1977. The publication of an NSA-approved encryption standard simultaneously resulted in its quick international adoption and widespread academic scrutiny. Controversies arose out of classified The Feistel function (F function) of DES design elements, a relatively short key length of the symmetric-key General block cipher design, and the involvement of the NSA, nourishing Designers IBM suspicions about a backdoor. Today it is known that the S-boxes that had raised those suspicions were in fact designed by the NSA to First 1975 (Federal Register) actually remove a backdoor they secretly knew (differential published (standardized in January 1977) cryptanalysis). However, the NSA also ensured that the key size was Derived Lucifer drastically reduced such that they could break it by brute force from [2] attack. The intense academic scrutiny the algorithm received over Successors Triple DES, G-DES, DES-X, time led to the modern understanding of block ciphers and their LOKI89, ICE cryptanalysis.
    [Show full text]
  • Soft Error Resistant Design of the AES Cipher Using SRAM-Based FPGA
    Soft Error Resistant Design of the AES Cipher Using SRAM-based FPGA by Solmaz Ghaznavi A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Doctor of Philosophy in Electrical and Computer Engineering Waterloo, Ontario, Canada, 2011 ©Solmaz Ghaznavi 2011 AUTHOR'S DECLARATION I hereby declare that I am the sole author of this thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I understand that my thesis may be made electronically available to the public. ii Abstract This thesis presents a new architecture for the reliable implementation of the symmetric-key algorithm Advanced Encryption Standard (AES) in Field Programmable Gate Arrays (FPGAs). Since FPGAs are prone to soft errors caused by radiation, and AES is highly sensitive to errors, reliable architectures are of significant concern. Energetic particles hitting a device can flip bits in FPGA SRAM cells controlling all aspects of the implementation. Unlike previous research, heterogeneous error detection techniques based on properties of the circuit and functionality are used to provide adequate reliability at the lowest possible cost. The use of dual ported block memory for SubBytes, duplication for the control circuitry, and a new enhanced parity technique for MixColumns is proposed. Previous parity techniques cover single errors in datapath registers, however, soft errors can occur in the control circuitry as well as in SRAM cells forming the combinational logic and routing. In this research, propagation of single errors is investigated in the routed netlist. Weaknesses of the previous parity techniques are identified.
    [Show full text]
  • Cryptographic Algorithm Analysis and Implementation
    EasyChair Preprint № 3210 Cryptographic Algorithm Analysis and Implementation Nandkumar Niture EasyChair preprints are intended for rapid dissemination of research results and are integrated with the rest of EasyChair. April 20, 2020 Cryptographic Algorithm Analysis and Implementation By: - Nandkumar A Niture 1 Abstract The impact and necessity of information security has increased exponentially over the last f ew decades as the denial-of-service attacks are increasing, information is being stolen, hackers are using more sophisticated and smart methods with help of agile tools for stealing sensitive information. Do small/mid-size/large corporate organizations need the security of their system? Yes. They have sensitive user data, employee data, trading data, customer data and other sensitive confidential information stored in office systems. Do common people need the security of their systems at home? Yes. They may have their taxes files, social security card information, bank account details, private pictures, marketing strategy for their small business and many more private things. Computer cryptography was the exclusive domain for long period of time since World War II but now is practiced outside of military agencies. Cryptography is both science and art, it uses known obscurity and mathematical formulae. Cryptographic systems should have ability to assure the authenticity of source from where message gets originated and proof of complete message delivery. It is sometimes insufficient to protect ourselves from the rules and laws, but we need to protect ourselves with applying sufficient mathematical equations. So, it is individuals and legal organizations responsibility to protect their own data. By combining the digital signature with public-key cryptography, we can develop a protocol that combines the security of encryption with the authenticity of digital signatures.
    [Show full text]
  • 1. AES Seems Weak. 2. Linear Time Secure Cryptography
    Smith typeset 19:27 8 Jun 2007 AES bust 1. AES seems weak. 2. Linear time secure cryptography Warren D. Smith∗ [email protected] June 8, 2007 Abstract — We describe a new simple but more power- ciphertext pair. It would run almost instantaneously.) Any ful form of linear cryptanalysis. It appears to break AES secret key cipher with a K-bit key can be cracked by exhaus- (and undoubtably other cryptosystems too, e.g. SKIP- tive key search by performing 2K encryptions. It is a usual JACK). The break is “nonconstructive,” i.e. we make it design aim to try to make the≈ security level attain this 2K plausible (e.g. prove it in certain approximate probabilis- upper bound. tic models) that a small algorithm for quickly determining AES-256 keys from plaintext-ciphertext pairs exists – but without constructing the algorithm. The attack’s runtime is comparable to performing 64w encryptions where w is 1 DES and AES, their demise, and the (unknown) minimum Hamming weight in certain bi- the demise of privacy generally nary linear error-correcting codes (BLECCs) associated with AES-256. If w < 43 then our attack is faster than ex- DES and its successor AES were the product of cryptosystem- haustive key search; probably w < 10. (Also there should design competitions (1974, 2001) sponsored and judged by the be ciphertext-only attacks if the plaintext is natural En- US Government and as such are the two most famous cryp- glish.) tosystems. Even if this break breaks due to the underlying models in- DES’s obvious weakness was its short (56 bit) secret-key adequately approximating the real world, we explain how AES still could contain “trapdoors” which would make length.
    [Show full text]
  • DES Cracker" Machine
    Frequently Asked Questions (FAQ) About the Electronic Frontier Foundation's "DES Cracker" Machine Table of Contents Introduction What are cryptography, encryption and cryptanalysis? What is DES? Who uses DES? What claims have been made about DES? What is the 'EFF DES Cracker' and how does it work? Who built the EFF DES Cracker? Does the EFF DES Cracker really work? How much did the EFF DES Cracker cost to build? Why was the EFF DES Cracker built? What should those who depend on DES do now that we are clear on its insecurity? How long should cipher keys be to avoid these attacks? How long does the EFF DES Cracker take to crack DES? How does this affect cryptographic algorithms other than DES? What standards are replacing DES? How does this relate to the movie "Sneakers?" Is the EFF DES Cracker practical or a laboratory curiosity? What has been the impact of export controls on cryptography? Have other groups studied the implications of controls over the research and application of cryptography? What is the Electronic Frontier Foundation (EFF)? Sources Introduction The Electronic Frontier Foundation began its investigation into DES cracking in 1997 to determine just how easily and cheaply a hardware-based DES Cracker could be constructed. EFF set out to design and build a DES Cracker to counter the claim made by U.S. government officials that American industry or foreign governments cannot decrypt information when protected by DES or weaker encryption, or that it would take multimillion-dollar networks or computers months to decrypt one message. Less than one year later and for well under US $250,000, EFF's DES Cracker entered and won the RSA DES Challenge II-2 competition in less than 3 days, proving that DES is not secure and that such a machine is inexpensive to design and build.
    [Show full text]
  • Cryptanalysis of Selected Block Ciphers
    Downloaded from orbit.dtu.dk on: Sep 24, 2021 Cryptanalysis of Selected Block Ciphers Alkhzaimi, Hoda A. Publication date: 2016 Document Version Publisher's PDF, also known as Version of record Link back to DTU Orbit Citation (APA): Alkhzaimi, H. A. (2016). Cryptanalysis of Selected Block Ciphers. Technical University of Denmark. DTU Compute PHD-2015 No. 360 General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. Users may download and print one copy of any publication from the public portal for the purpose of private study or research. You may not further distribute the material or use it for any profit-making activity or commercial gain You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. Cryptanalysis of Selected Block Ciphers Dissertation Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy at the Department of Mathematics and Computer Science-COMPUTE in The Technical University of Denmark by Hoda A.Alkhzaimi December 2014 To my Sanctuary in life Bladi, Baba Zayed and My family with love Title of Thesis Cryptanalysis of Selected Block Ciphers PhD Project Supervisor Professor Lars R. Knudsen(DTU Compute, Denmark) PhD Student Hoda A.Alkhzaimi Assessment Committee Associate Professor Christian Rechberger (DTU Compute, Denmark) Professor Thomas Johansson (Lund University, Sweden) Professor Bart Preneel (Katholieke Universiteit Leuven, Belgium) Abstract The focus of this dissertation is to present cryptanalytic results on selected block ci- phers.
    [Show full text]
  • CNS Lecture 6
    In the news CNS Lecture 6 • Microsoft IE Active X remote code execution • Microsoft powerpoint remote code execution (0-day) Block ciphers -- AES (Rijndael) • MAX OS X multiple vulnerabilities Stream ciphers • OpenSSL ASN.1 remote buffer overflow Key management • gzip, firefox, Adobe flash player, … review assignment 5 A assignment 6 CNS Lecture 6 - 2 Block cipher modes You are here … Attacks & Defenses Cryptography Applied crypto • ECB, CBC, CFB, OFB, CTR • Risk assessment •Random numbers •SSH • applies to all block ciphers • Viruses • •Hash functions •PGP Padding, chaining and IV’s • Unix security • hide repeated plaintext MD5, SHA,RIPEMD •S/Mime • authentication • different error/attack properties • Network security •Classical + stego •SSL Firewalls,vpn,IPsec,IDS •Number theory •Kerberos •Symmetric key •IPsec encryption does not guarantee message integrity! DES, Rijndael, RC5 •Public key RSA, DSA, D-H,ECC CNS Lecture 6 - 3 CNS Lecture 6 - 4 Padding, IV’s, and key generation in OpenSSL Block ciphers • Encryption will pad to block size of cipher (DES: 8 bytes, AES 16) Feistel substitution and permutation – E.g., 3 bytes in 8 encrypted bytes out, 21 in 24 out – May want to pre-pad with random “salt” to obscure same message • DES •performance (time/space) vs strength • OpenSSL standard API encryption pads with bytes of IV • Lucifer •large keys – EVP methods pads with byte count (PKCS 5) •strong subkey generation and pre-pends 8-byte magic “Salted__” and 8 byte random salt • blowfish •large blocks – openssl des-cbc: 7 bytes in 24 encrypted
    [Show full text]
  • T-79.503 Cryptography and Data Security
    T-79.4501 Cryptography and Data Security Summary 2006 - Life cycle of a cryptographic algorithm - Searches and probabilities - Highlights 1 Building Blocks • one-way functions • one-way permutations • one-way trapdoor permutations • collision resistant compression (hash) functions • pseudo-random functions • (pseudo-) random number generators 2 1 Contemporary cryptographic primitives • Secret key (symmetric) primitives – Block cipher – Stream cipher – Integrity primitives • Message authentication code (MAC) • Hash functions • Public key (asymmetric) primitives – Public key encryption scheme – Digital signature scheme 3 Life Cycle of a Cryptographic Algorithm DEVELOPMENT • Construction • Security proofs and arguments • Evaluation USE • Publication of the algorithm • Implementation • Independent evaluation • Embedding into system • Key management • Independent evaluation END • Break; or • Degradation by time • Implementation attacks • Side channel attacks 4 2 One Time Pad • Claude Shannon laid (1949) the information theoretic fundamentals of secrecy systems. • Shannon’s pessimistic inequality: For perfect secrecy you need as much key as you have plaintext. • In practical ciphers the key is much shorter than the plaintext to be encrypted • Practical ciphers never provide perfect secrecy 5 DES Data Encryption Standard 1977 - 2002 • Standard for 25 years • Finally found to be too small. DES key is only 56 bits, that is, there are about 1016 different keys. By manufacturing one million chips, such that, each chip can test one million keys in a second, then one can find the key in about one minute. • The EFF DES Cracker built in 1998 can search for a key in about 4,5 days. The cost of the machine is $250 000. • The design was a joint effort by NSA and IBM.
    [Show full text]
  • Statistical Cryptanalysis of Block Ciphers
    STATISTICAL CRYPTANALYSIS OF BLOCK CIPHERS THÈSE NO 3179 (2005) PRÉSENTÉE À LA FACULTÉ INFORMATIQUE ET COMMUNICATIONS Institut de systèmes de communication SECTION DES SYSTÈMES DE COMMUNICATION ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE POUR L'OBTENTION DU GRADE DE DOCTEUR ÈS SCIENCES PAR Pascal JUNOD ingénieur informaticien dilpômé EPF de nationalité suisse et originaire de Sainte-Croix (VD) acceptée sur proposition du jury: Prof. S. Vaudenay, directeur de thèse Prof. J. Massey, rapporteur Prof. W. Meier, rapporteur Prof. S. Morgenthaler, rapporteur Prof. J. Stern, rapporteur Lausanne, EPFL 2005 to Mimi and Chlo´e Acknowledgments First of all, I would like to warmly thank my supervisor, Prof. Serge Vaude- nay, for having given to me such a wonderful opportunity to perform research in a friendly environment, and for having been the perfect supervisor that every PhD would dream of. I am also very grateful to the president of the jury, Prof. Emre Telatar, and to the reviewers Prof. em. James L. Massey, Prof. Jacques Stern, Prof. Willi Meier, and Prof. Stephan Morgenthaler for having accepted to be part of the jury and for having invested such a lot of time for reviewing this thesis. I would like to express my gratitude to all my (former and current) col- leagues at LASEC for their support and for their friendship: Gildas Avoine, Thomas Baign`eres, Nenad Buncic, Brice Canvel, Martine Corval, Matthieu Finiasz, Yi Lu, Jean Monnerat, Philippe Oechslin, and John Pliam. With- out them, the EPFL (and the crypto) would not be so fun! Without their support, trust and encouragement, the last part of this thesis, FOX, would certainly not be born: I owe to MediaCrypt AG, espe- cially to Ralf Kastmann and Richard Straub many, many, many hours of interesting work.
    [Show full text]