15-853: Algorithms in the Real World


15-853: Algorithms in the Real World

Announcements
• Homework 2 graded.
• Recitation tomorrow:
  • Eigenvalues and SVD.
  • HW solution discussion.
• No lecture next Tuesday (November 5th).
• Make-up lecture next Friday (November 8th).
15-853 Page 1

15-853: Algorithms in the Real World
Cryptography #1

Cryptography Outline
Introduction: terminology, cryptanalysis, security
Private-Key Algorithms: Rijndael, DES
Number Theory

Cryptography Outline
Introduction:
– terminology
– cryptanalytic attacks
– security
Private-Key Algorithms: Rijndael, DES
Number Theory

Some Terminology
Cryptography – the general term
Cryptology – the theory
Encryption – encoding (but sometimes used as general term)
Cryptanalysis – breaking codes
Cipher – a method or algorithm for encrypting or decrypting

More Definitions
Plaintext –(Key1)→ Encryption E_k(m) = c → Ciphertext –(Key2)→ Decryption D_k(c) = m → Original Plaintext
(Key1 and Key2 are produced by the Key Generator.)
Private Key or Symmetric: Key1 = Key2
Public Key or Asymmetric: Key1 ≠ Key2; Key1 or Key2 is public depending on the protocol

Private key encryption
Alice: Encrypt(k, m) = c  →  c  →  Bob: Decrypt(k, c) = m
Eve sees c. We assume Eve knows everything about the encryption scheme (except the secret key).

What does it mean to be secure?
Attempt 1: it should be impossible for Eve to get the key.
Attempt 2: it should be impossible for Eve to recover m.
Attempt 3: impossible for Eve to recover any bit of m.
Attempt 4: regardless of any information that Eve has, c should not leak any additional information about m. ✓

One-time pad
• Key generation:
  • Input: length n (in unary)
  • Output: uniformly random k ∈ {0,1}^n
• Encryption:
  • Input: m ∈ {0,1}^n, k ∈ {0,1}^n
  • Output: c = m ⊕ k
• Decryption:
  • Input: c ∈ {0,1}^n, k ∈ {0,1}^n
  • Output: m = c ⊕ k

One-time pad
One-time pad is perfectly secret:
• Let M, C be r.v.s for the message and ciphertext.
• For every message m and ciphertext c with Pr[C = c] > 0:
    Pr[M = m | C = c] = Pr[M = m]
• Ciphertext contains no information about message!

One-time pad
One-time pad is perfectly secret. Proof:
  Pr[C = c | M = m] = Pr[m ⊕ K = c] = Pr[K = m ⊕ c] = 2^-n
  Pr[C = c] = Σ_m Pr[C = c | M = m] Pr[M = m] = 2^-n Σ_m Pr[M = m] = 2^-n
  Pr[M = m | C = c] = Pr[C = c | M = m] Pr[M = m] / Pr[C = c] = Pr[M = m]
Can we reuse a one-time pad? No.

The importance of randomness
• Previous proof only works if key is truly uniformly random.
• An adversary can exploit biases in randomness.
• There are techniques to extract uniformly random bits from biased sources.
• E.g: suppose we have a biased coin with probabilities p and 1 – p for heads and tails.
• How to obtain uniformly random bits from this coin?
• Flip twice:
  • If (heads, tails) then output 1.
  • If (tails, heads) then output 0.
  • If (heads, heads) or (tails, tails) then no output.

Computational secrecy
• Perfect secrecy requires the key to be at least as long as the message. This is impractical!
• We need to settle for a weaker definition.
• Any efficient adversary succeeds in breaking the scheme with at most negligible probability.
• Efficient = runs in probabilistic polynomial time (PPT).
• Negligible = goes to zero faster than any inverse poly:
  – A positive function f is negligible if for every positive integer c, there exists N_c such that:
      f(n) < n^-c, for all n > N_c
  – Denoted as f = negl(n).

Cryptanalytic Attacks
c = ciphertext messages
m = plaintext messages
Ciphertext Only: Attacker has multiple cs but does not know the corresponding ms.
Known Plaintext: Attacker knows some number of (c, m) pairs.
Chosen Plaintext: Attacker gets to choose ms and obtain the corresponding cs beforehand.
Chosen Ciphertext: Attacker gets to choose cs and obtain the corresponding ms beforehand.
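The one-time pad and the two-flip extractor from the slides above, as an added example that is not part of the course material (function names are my own). It also shows, for the "can we reuse a one-time pad" question, what two ciphertexts under the same pad reveal: the pad cancels and c1 ⊕ c2 = m1 ⊕ m2.

```python
"""One-time pad on byte strings and the von Neumann extractor from the
randomness slide. Added example, not code from the course."""
import secrets
from typing import Iterable, Iterator, List


def otp_keygen(n_bytes: int) -> bytes:
    """Key generation: a uniformly random pad, one byte per message byte."""
    return secrets.token_bytes(n_bytes)


def otp_xor(a: bytes, b: bytes) -> bytes:
    """c = m xor k (and m = c xor k); the pad must be exactly as long as m."""
    if len(a) != len(b):
        raise ValueError("one-time pad must be the same length as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def von_neumann_extract(flips: Iterable[int]) -> Iterator[int]:
    """Turn flips of a biased coin (1 = heads, 0 = tails) into unbiased bits.
    Pairs (H,T) -> 1, (T,H) -> 0, (H,H) and (T,T) -> nothing. Both kept
    outcomes have probability p(1-p), so the output is uniform for any p."""
    it = iter(flips)
    for first, second in zip(it, it):  # consumes the flips two at a time
        if first == 1 and second == 0:
            yield 1
        elif first == 0 and second == 1:
            yield 0


def extractor_yield(p: float) -> float:
    """Expected output bits per pair of flips: Pr[HT] + Pr[TH] = 2p(1-p)."""
    return 2 * p * (1 - p)


def bits_to_bytes(bits: List[int]) -> bytes:
    """Pack extracted bits (most significant first) into pad bytes; a trailing
    partial byte is dropped rather than padded with non-random bits."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Why a pad is one-time: with the same k, c1 xor c2 = m1 xor m2, so the
    pair of ciphertexts reveals the relation between the two plaintexts."""
    return otp_xor(c1, c2)


if __name__ == "__main__":
    # Constructed flips of a coin biased towards heads (not real data).
    flips = [1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0]
    unbiased = list(von_neumann_extract(flips))
    print("extracted bits:", unbiased, "yield at p=0.8:", extractor_yield(0.8))
    m = b"meet at noon"
    k = otp_keygen(len(m))
    c = otp_xor(m, k)
    print("round trip ok:", otp_xor(c, k) == m)
```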
Cryptography Outline
Introduction: terminology, cryptanalysis, security
Private-Key Algorithms:
– Block ciphers and product ciphers
– Rijndael, DES
Number Theory

Private Key Algorithms
Plaintext –(Key1)→ Encryption E_k(M) = C → Ciphertext –(Key1)→ Decryption D_k(C) = M → Original Plaintext
What granularity of the message does E_k encrypt?

Private Key Algorithms
Block Ciphers: blocks of bits at a time
– DES (Data Encryption Standard)
  Banks, linux passwords (almost), SSL, kerberos, …
– Blowfish (SSL as option)
– IDEA (used in PGP, SSL as option)
– Rijndael (AES) – the new standard

Private Key: Block Ciphers
A Block cipher C is a function with:
• Input: a key k ∈ {0,1}^|k|, block x ∈ {0,1}^n (with |k| ≤ n)
• Output: a block y ∈ {0,1}^n
• Objective: should be hard to distinguish from a random permutation from {0,1}^n to {0,1}^n.
• We can chop long messages into blocks.
• Suppose we encrypt each block as c = C(k, m).
• What's the problem with this?
• Equal messages have equal encryptions!

Private Key: Block Ciphers
Intuition: generate a "fresh" one-time pad for each block.
Counter (CTR) mode: the counter values ctr+1, ctr+2, ctr+3, … are each encrypted with C(k, ·) and the result is XORed with the block:
  c_i = m_i ⊕ C(k, ctr+i)
The output is ctr, c_1, c_2, c_3, …; the initial ctr is sent along with the ciphertext.

Block cipher implementations

Iterated Block Ciphers
Consists of n rounds:
  m –R(k_1)→ s_1 –R(k_2)→ s_2 – … –R(k_n)→ c
R = the round function
s_i = state after round i
k_i = the i-th round key (derived from key)

Iterated Block Ciphers: Decryption
Run the rounds in reverse. Requires that R has an inverse.
  c –R^-1(k_n)→ … –R^-1(k_2)→ s_1 –R^-1(k_1)→ m

Feistel Networks
• Run with round keys in reverse order to decrypt.
• Used by DES (the Data Encryption Standard)
Image: "Feistel cipher diagram" by Amirki CC BY-SA 3.0

Substitution-Permutation network
Each round has two components:
– Substitution (S-box): one-to-one mapping of subblocks.
– Permutation (P-box): Mix the bits around.
Both operations are invertible.
Avalanche effect: changing one bit of m affects all of c.
Image: "Substitution-Permutation Network" by GaborPete CC BY-SA 3.0

Rijndael
Selected by AES (Advanced Encryption Standard, part of NIST) as the new private-key encryption standard.
Based on an open "competition".
– Competition started Sept. 1997.
– Narrowed to 5 Sept. 1999
  • MARS by IBM, RC6 by RSA, Twofish by Counterpane, Serpent, and Rijndael
– Rijndael selected Oct. 2000.
– Official Nov. 2001 (AES page on Rijndael)
Designed by Rijmen and Daemen (Dutch)

Goals of Rijndael
Resistance against known attacks:
– Differential cryptanalysis
– Linear cryptanalysis
– Truncated differentials
– Square attacks
– Interpolation attacks
– Weak and related keys
Speed + Memory efficiency across platforms
– 32-bit processors
– 8-bit processors (e.g smart cards)
– Dedicated hardware
Design simplicity and clearly stated security goals

High-level overview
An iterated block cipher with
– 10–14 rounds,
– 128-256 bit blocks, and
– 128-256 bit keys
Mathematically reasonably sophisticated

Blocks and Keys
The blocks and keys are organized as matrices of bytes. For the 128-bit case, it is a 4x4 matrix.
  Data block            Key
  b0  b4  b8  b12       k0  k4  k8  k12
  b1  b5  b9  b13       k1  k5  k9  k13
  b2  b6  b10 b14       k2  k6  k10 k14
  b3  b7  b11 b15       k3  k7  k11 k15
b0, b1, …, b15 is the order of the bytes in the stream.

Galois Fields in Rijndael
Uses GF(2^8) over bytes. The irreducible polynomial is:
  M(x) = x^8 + x^4 + x^3 + x + 1  or  100011011  or  0x11B
Also uses degree 3 polynomials with coefficients from GF(2^8). These are kept as 4 bytes (used for the columns). The polynomial used as a modulus is:
  M(x) = 00000001x^4 + 00000001  or  x^4 + 1
Not irreducible, but we only need to find inverses of polynomials that are relatively prime to it.

Each round
  in → Byte substitution → Rotate Rows (rows shifted by 0, 1, 2, 3 positions) → Mix columns → + Key_i → out
The inverse runs the steps and rounds backwards. Each step must be reversible!

Byte Substitution
Non linear: y = b^-1 (done over GF(2^8))
Linear: z = Ay + B (done over GF(2), i.e., binary), with bit i of a byte as entry i of the vector (least significant bit first):
  A =
    1 0 0 0 1 1 1 1
    1 1 0 0 0 1 1 1
    1 1 1 0 0 0 1 1
    1 1 1 1 0 0 0 1
    1 1 1 1 1 0 0 0
    0 1 1 1 1 1 0 0
    0 0 1 1 1 1 1 0
    0 0 0 1 1 1 1 1
  B = (1 1 0 0 0 1 1 0)^T
To invert the substitution:
  y = A^-1(z – B)  (the matrix A is nonsingular)
  b = y^-1  (over GF(2^8))

Mix Columns
For each column a = (a0, a1, a2, a3) in the data block compute
  b(x) = (a3x^3 + a2x^2 + a1x + a0)(3x^3 + x^2 + x + 2) mod x^4 + 1
where coefficients are taken over GF(2^8).
New column b = (b0, b1, b2, b3) is where b(x) = b3x^3 + b2x^2 + b1x + b0.

Implementation
Using x^j mod (x^4 + 1) = x^(j mod 4):
  (a3x^3 + a2x^2 + a1x + a0)(3x^3 + x^2 + x + 2) mod x^4 + 1
  = (2a0 + 3a1 + a2 + a3) + (a0 + 2a1 + 3a2 + a3)x + (a0 + a1 + 2a2 + 3a3)x^2 + (3a0 + a1 + a2 + 2a3)x^3
Therefore, b = C • a where
  C =
    2 3 1 1
    1 2 3 1
    1 1 2 3
    3 1 1 2
M(x) is not irreducible, but the rows of C and M(x) are coprime, so the transform can be inverted.
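The Rijndael pieces from the slides above carried through in code, as an added example that is neither the course's nor any AES library's code: GF(2^8) multiplication and inversion modulo M(x) = 0x11B, the byte substitution z = Ay + B with its inverse via A^-1 (computed by elimination over GF(2), which also checks that A is nonsingular), and Mix Columns as b = C • a. C_INV is the matrix that undoes C (assumed from standard AES decryption rather than derived here) and is confirmed by a round trip.

```python
"""AES building blocks from the Rijndael slides: GF(2^8) arithmetic modulo
M(x) = x^8 + x^4 + x^3 + x + 1 (0x11B), byte substitution (y = b^-1, then
z = Ay + B over GF(2)) and Mix Columns (b = C * a).
Added example; not code from the course or from an AES library."""
from functools import reduce
from operator import xor

MODULUS = 0x11B  # the slides' M(x) for GF(2^8)

# Affine step of the byte substitution. Bit i of a byte is row/column i
# (least significant bit first), so row 0 reads z0 = y0+y4+y5+y6+y7+1.
A = [[1, 0, 0, 0, 1, 1, 1, 1], [1, 1, 0, 0, 0, 1, 1, 1],
     [1, 1, 1, 0, 0, 0, 1, 1], [1, 1, 1, 1, 0, 0, 0, 1],
     [1, 1, 1, 1, 1, 0, 0, 0], [0, 1, 1, 1, 1, 1, 0, 0],
     [0, 0, 1, 1, 1, 1, 1, 0], [0, 0, 0, 1, 1, 1, 1, 1]]
B = [1, 1, 0, 0, 0, 1, 1, 0]
# Mix Columns matrix C from the slides (entries are GF(2^8) elements) and the
# assumed inverse matrix used by decryption; the round trip below checks it.
C = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
C_INV = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def gf_mul(a, b):
    """Multiply bytes as polynomials over GF(2), reducing by M(x)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:  # degree 8 reached: subtract (xor) M(x)
            a ^= MODULUS
        b >>= 1
    return r


def gf_inv(a):
    """a^-1 = a^254 (the nonzero elements form a group of order 255); 0 -> 0."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a, e = gf_mul(a, a), e >> 1
    return r


def gf2_affine(matrix, const, y):
    """z = matrix * y + const over GF(2), bytes treated as 8-bit column vectors."""
    z = 0
    for i in range(8):
        zi = const[i]
        for j in range(8):
            zi ^= matrix[i][j] & (y >> j)  # matrix entries are 0/1
        z |= (zi & 1) << i
    return z


def gf2_matrix_inverse(matrix):
    """Gauss-Jordan over GF(2); raises if singular (the step could not be undone)."""
    n = len(matrix)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(matrix)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("matrix is singular over GF(2)")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


A_INV = gf2_matrix_inverse(A)
B_BYTE = sum(bit << i for i, bit in enumerate(B))


def sub_byte(b):
    """Byte substitution: invert in GF(2^8), then apply the affine map."""
    return gf2_affine(A, B, gf_inv(b))


def inv_sub_byte(z):
    """y = A^-1 (z - B) over GF(2) (minus is xor), then b = y^-1 in GF(2^8)."""
    return gf_inv(gf2_affine(A_INV, [0] * 8, z ^ B_BYTE))


def mix_column(col, matrix=C):
    """One column a -> b = matrix * a: multiply in GF(2^8), add with xor."""
    return [reduce(xor, (gf_mul(matrix[i][j], col[j]) for j in range(4))) for i in range(4)]
```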