Data Encryption Standard (DES)

Encryption Algorithms

We will be looking at 3 industrial-strength encryption algorithms. The first encryption algorithm is called DES, for Data Encryption Standard. This standard was designed to encipher sensitive but non-classified data. It is bit oriented and uses both transposition and substitution. It is sometimes referred to as a product cipher. Its input, output, and encryption key are each 64 bits long. Each set of 64 bits is referred to as a block. This is a symmetric key encryption method.

Data Encryption Standard (DES)

In 1972 the National Bureau of Standards issued an RFP (Request for Proposal) with the following criteria:

1. able to provide a high level of security
2. specified and easy to understand
3. publishable, so that security does not depend on the secrecy of the algorithm
4. available to all users
5. adaptable for use in diverse applications
6. economical to implement in electronic devices
7. efficient to use
8. able to be validated
9. exportable

The Bureau received no responses. It re-issued the RFP in 1974. IBM responded with the Lucifer algorithm. Lucifer uses only simple logical operations on relatively small quantities. The algorithm was implemented fairly efficiently in both hardware and software on conventional computers of that time period.

The characteristics of the algorithm are:

  • Product cipher: both transposition and substitution
  • Works on 64-bit chunks at a time, really 56 bits
  • 16 keys, fixed 56-bit keys
  • 16 iterations of encryption

The graphic below indicates how one iteration of the algorithm works.

Advanced Encryption Standard

The AES (Advanced Encryption Standard) was put forward in 1997. It has yet to stand the test of time, but is likely to be the commercial-grade symmetric algorithm of choice for years if not decades. The requirements for the algorithm were:

1. unclassified
2. publicly disclosed
3. available royalty-free for use worldwide
4. symmetric block cipher algorithm, for blocks of 128 bits
5. usable with key sizes of 128, 192, and 256 bits

In 1999 the selected algorithm, submitted by two Dutch cryptographers (Rijmen and Daemen), was adopted.

The characteristics of the algorithm are:

1. Substitution
2. Transposition
3. Shift
4. Exclusive OR
5. Additions

The algorithm's operation is based on the length of the key that is used: 9, 11, or 13 cycles for keys of 128, 192, or 256 bits, respectively.

Each cycle of the algorithm consists of:

1. Byte substitution. This is a confusion step that substitutes each byte of a 128-bit block according to a substitution table. This is similar to the DES algorithm.
2. Shift row. This is another confusion step that is implemented as a transposition step. Basically, row n is shifted left circular (n-1) bytes.
3. Mix column. This operation provides confusion and diffusion. The step involves shifting left and exclusive-ORing bits with themselves.
4. Add subkey. This operation provides confusion and incorporates the key. In this step a portion of the key unique to this cycle is exclusive-ORed with the cycle results.

The graphic below depicts the algorithm.

The following table compares DES and AES.

|                          | DES                        | AES                                      |
|--------------------------|----------------------------|------------------------------------------|
| Date                     | 1976                       | 1999                                     |
| Block Size               | 64 bits                    | 128 bits                                 |
| Key Length               | 56 bits (effective length) | 128, 192, 256 (possibly more) bits       |
| Encryption Primitives    | Substitution, Permutation  | Substitution, Shift, Bit Mixing          |
| Cryptographic Primitives | Confusion, Diffusion       | Confusion, Diffusion                     |
| Design                   | Open                       | Open                                     |
| Design Rationale         | Closed                     | Open                                     |
| Selection Process        | Secret                     | Secret, but accepted open public comment |
| Source                   | IBM, enhanced by NSA       | Independent Dutch cryptographers         |

RSA (Rivest – Shamir – Adleman) Encryption

The Rivest-Shamir-Adleman (RSA) cryptosystem is a public key system. This algorithm was first introduced in 1978 and to date remains secure. It has been subject to extensive cryptanalysis, and no serious flaws have been found.
The RSA encryption algorithm combines results from number theory, specifically mathematical properties of prime factors of numbers. The two keys in RSA, d and e, are used for decryption and encryption respectively. The algorithm is described below.

Exponentiation Cipher

Choose 2 large prime numbers p and q.

n = p q
Φ(n) = # of numbers less than n with no factors in common with n

e.g. n = 10
1, 2, 3, 4, 5, 6, 7, 8, 9
Φ(10) = 4

Choose an integer e < n that is relatively prime to Φ(n).
Find a second integer d such that e d mod Φ(n) = 1.
The public key is (e, n), and the private key is d.

e.g. p = 7, q = 3
n = 21
Φ(n) = (p – 1)(q – 1)
Φ(n) = 12
1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20
Choose 11: e = 11
11 d mod 12 = 1
d = 11

Note: This is not a good example because we are using very small integers.

Let m be a message.

c = m^e mod n
m = c^d mod n

e.g. p = 7, q = 11
n = 77
Φ(n) = 60
Choose 17 as the public key.
17 d mod 60 = 1
d = 53 (private key); have to go through the list until the above is true.

Questions such as "are we guaranteed to find at least 1 d?" and "is there more than one d?" are all beyond the scope of this course.

e.g. H E L L O W O R L D

Note: Bob encrypts using the public key and Alice decrypts using the private key.

Bob Encrypts:

Plain Text: 07 04 11 11 14 26 22 14 17 11 03
Cipher Text:
7^17 mod 77 = 28
4^17 mod 77 = 16
11^17 mod 77 = 44
Cipher Text: 28 16 44 44 …… (encrypt using the public key)

Alice Decrypts:

Using the Cipher Text: 28 16 44 44 42 38 42 19 44 75
Plain Text:
28^53 mod 77 = 7
16^53 mod 77 = 4
44^53 mod 77 = 11
Plain Text: 7 4 11 11 14 26 22 14 17 11 3
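The RSA procedure above, carried through in code as an added example that is not part of the original notes. It goes one step beyond the text by finding d with the extended Euclidean algorithm instead of searching a list, which also shows when a d exists (exactly when e and Φ(n) share no factor); all function names are illustrative.

```python
# Added example, not from the original notes: textbook RSA on the page's toy
# parameters. Function names are illustrative. Real RSA needs large primes and
# padding; encrypting letter by letter like this is only a teaching device.

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def private_exponent(e, phi):
    """Return the single d in [1, phi) with e*d mod phi == 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError(f"e={e} shares a factor with phi={phi}: no d exists")
    return x % phi

def make_keys(p, q, e):
    """Return ((e, n), d) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), private_exponent(e, phi)

def encode(text):
    """The page's numbering: A=0 ... Z=25, space=26."""
    return [26 if ch == " " else ord(ch) - ord("A") for ch in text]

def decode(nums):
    return "".join(" " if m == 26 else chr(m + ord("A")) for m in nums)

def encrypt(nums, public):
    e, n = public
    return [pow(m, e, n) for m in nums]       # c = m^e mod n

def decrypt(nums, d, n):
    return [pow(c, d, n) for c in nums]       # m = c^d mod n

def demo():
    public, d = make_keys(7, 11, 17)          # the page's second example
    cipher = encrypt(encode("HELLO WORLD"), public)
    return d, cipher, decode(decrypt(cipher, d, public[1]))

if __name__ == "__main__":
    print(demo())
```

Run on all eleven plaintext values this gives 28 16 44 44 42 38 22 42 19 44 75. Repeated letters produce repeated ciphertext values and 22 (W) encrypts to itself, which is why real RSA pads each message before encrypting.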
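For the AES cycle described in the Advanced Encryption Standard section above, the following added example (not part of the original notes) implements the shift row, mix column and add subkey steps and counts how far a one-bit change spreads. Byte substitution is left out because it needs the 256-entry table, so this is not AES encryption itself; the state, the subkey and all function names are constructed for illustration.

```python
# Added example (not from the original notes): the shift row, mix column and
# add subkey steps of one AES cycle. Byte substitution is left out because it
# needs the 256-entry table; the sample state and subkey are constructed.

def shift_rows(state):
    """Row n (counted from 1) is rotated left by n-1 bytes."""
    return [row[i:] + row[:i] for i, row in enumerate(state)]

def xtime(b):
    """Multiply a byte by 2 in GF(2^8): shift left, fold overflow back with XOR."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def mix_column(col):
    """Mix one 4-byte column using only left shifts and XORs."""
    a0, a1, a2, a3 = col
    return [xtime(a0) ^ xtime(a1) ^ a1 ^ a2 ^ a3,
            a0 ^ xtime(a1) ^ xtime(a2) ^ a2 ^ a3,
            a0 ^ a1 ^ xtime(a2) ^ xtime(a3) ^ a3,
            xtime(a0) ^ a0 ^ a1 ^ a2 ^ xtime(a3)]

def mix_columns(state):
    cols = [mix_column([row[c] for row in state]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]

def add_subkey(state, subkey):
    """XOR each state byte with the matching subkey byte."""
    return [[s ^ k for s, k in zip(sr, kr)] for sr, kr in zip(state, subkey)]

def cycle(state, subkey):
    return add_subkey(mix_columns(shift_rows(state)), subkey)

def changed_bytes(a, b):
    return sum(x != y for ra, rb in zip(a, b) for x, y in zip(ra, rb))

def diffusion_demo():
    """Flip one input bit and count differing bytes after 1 and 2 cycles."""
    state = [[4 * r + c for c in range(4)] for r in range(4)]   # constructed
    subkey = [[0xA5] * 4 for _ in range(4)]                     # constructed
    other = [row[:] for row in state]
    other[2][1] ^= 0x01
    a1, b1 = cycle(state, subkey), cycle(other, subkey)
    a2, b2 = cycle(a1, subkey), cycle(b1, subkey)
    return changed_bytes(a1, b1), changed_bytes(a2, b2)

if __name__ == "__main__":
    print(diffusion_demo())
```

A single flipped bit changes 4 of the 16 state bytes after one cycle and all 16 after two, because shift row moves the bytes of one column into four different columns before mix column combines them.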
