Chap. 3. Symmetric Key Crypto - Dankooksecuresw.dankook.ac.kr/ISS18-1/ISS_2018_08_Symmetric_Key...Introduction to SW Security Chap. 3. Symmetric Key Crypto (Block Ciphers) Spring,

Introduction to SW Security

Chap. 3. Symmetric Key Crypto(Block Ciphers)

Spring, 2018

Cho, Seong-je (조성제)

sjcho at dankook.ac.kr

Computer Security & OS Lab, DKU

Many slides taken from Textbook (Its site), and Web sites

• Textbook

• M. T. Goodrich and R. Tamassia, Introduction to Computer Security, Pearson (Addison-Wesley)

http://www.pearsonhighered.com/pearsonhigheredus/educator/product/products_detail.page?isbn=0321512944&forced_logout=forced_logged_out

Many photos in presentation licensed from google images or wikipedia

Computer Security & OS Lab, DKU 2

http://www.pearsonhighered.com/pearsonhigheredus/educator/product/products_detail.page?isbn=0321512944&forced_logout=forced_logged_out

Cryptography

Contents

Symmetric Key Crypto ● Block cipher

− DES (Data Encryption Standard)

− AES (Advanced Encryption Standard) : Rijndael (rain-dahl)

● Block cipher modes of operation

● Stream cipher

3Computer Security & OS Lab, DKU

Cryptography

Learning Objectives

After studying this, you should be able to:

Explain the basic operation of symmetric block encryption algorithms

Describe the structure and function of AES

Distinguish among the major block cipher modes of operation

Understand its inner working and uses

Focus more on the “how” than the “why”● To understand :”why” -> need to understand cryptanalysis (Chapter 6)

Discuss the issues involved in key distribution


Cryptography

Block Cipher

Plaintext and Ciphertext consists of fixed sized blocks

Design goal: security and efficiency● It is not easy to design a block cipher that is secure and efficient

Block cipher key determines a “electronic” codebook● Each key yields a different codebook

Employ both “confusion” and “diffusion” Example of Block ciphers

● DES, AES, SEED, Blowfish, RC6

● International Data Encryption Algorithm (IEDA)


Cryptography

Block Ciphers

Blocks of letters encrypted simultaneously● Many modern cryptosystems (AES, RSA) are also block ciphers

In a block cipher:● Plaintext and ciphertext have fixed length b (e.g., 128 bits)

● A plaintext of length n is partitioned into a sequence of m blocks, P[0], …, P[m1], where n b*m n + b

Each message is divided into a sequence of blocks and encrypted or decrypted in terms of its blocks.

Cryptography6

Plaintext

Blocks ofplaintext

Requires paddingwith extra bits.

Cryptography

(Iterated) Block Cipher

Ciphertext obtained from

plaintext by iterating a round

function

Input to round function

consists of key and the output

of previous round

Usually implemented in

software

Typical Type is Feistel Cipher


Cryptography

Feistel Cipher

Feistel cipher refers to a type of block cipher design, not a specific cipher

Split plaintext block into left and right halves: Plaintext = (L0,R0)

For each round i=1,2,...,n, compute

Li= Ri1

Ri= Li1 F(Ri1,Ki)

where F is round function and Ki is subkey

Ciphertext = (Ln,Rn)


Decryption: Ciphertext = (Ln,Rn)

For each round i=n,n1,…,1, compute

Ri1 = Li

Li1 = Ri F(Ri1,Ki)

where F is round function and Ki is subkey

Plaintext = (L0,R0)

Formula “works” for any function F

But only secure for certain functions F

Ex: F(Ri-1, Ki) = 0 for all Ri-1 and Ki -> not secure

Cryptography

Padding

Block ciphers require the length n of the plaintext to be a multiple of

the block size b

Padding the last block needs to be unambiguous (cannot just add

zeroes)

When the block size and plaintext length are a multiple of 8, a

common padding method (PKCS5) is a sequence of identical bytes,

each indicating the length (in bytes) of the padding

Example for b = 128 bits (16 bytes)

● Plaintext: “Roberto” (7 bytes)

● Padded plaintext: “Roberto999999999” (16 bytes), where 9 denotes the

number and not the character

We need to always pad the last block, which may consist only of

padding

Cryptography9

Cryptography

Block Ciphers in Practice

Data Encryption Standard (DES)

● Developed by IBM and adopted by NIST in 1977

● Based on IBM Lucifer cipher

● DES is a Feistel cipher

− 64-bit blocks and 56-bit keys

− 16 rounds

− 48 bits of key used each round (subkey)

● Security depends primarily on “S-boxes”

− Each S-boxes maps 6 bits to 4 bits

− Total 8 S-boxes

● Small key space makes exhaustive search attack feasible since late 90s


Cryptography

One Round of DES


L

expandL

R

S-boxes(8)

P Box

L R

key

R

Compress

key

48

32 32

32

48

32

32

32

48

28

2828

28

28 28

Next Slide

Cryptography

DES S-box

8 “substitution boxes” or S-boxes Each S-box maps 6 bits to 4 bits S-box number 1


0000

0001

0010

0011

0100

0101

0110

0111

1000

1001

1010

1011

1100

1101

1110

1111

00

1110

0100

1101

0001

0010

1111

1011

1000

0011

1010

0110

1100

0101

1001

0000

0111

01

0000

1111

0111

0100

1110

0010

1101

0001

1010

0110

1100

1011

1001

0101

0011

1000

10

0100

1101

1110

1000

1101

0110

0010

1011

1111

1100

1001

0111

0011

1010

0101

0000

11

1111

1100

1000

0010

0100

1001

0001

0111

0111

1011

0011

1110

1010

0000

0110

1101

input bits (0,5)

input bits (1,2,3,4)

Cryptography

Security of DES

Security of DES depends a lot on S-boxes

● Everything else in DES is linear

Thirty years of intense analysis has revealed no “back

door”

Attacks today use exhaustive key search

Inescapable conclusions

● Designers of DES knew what they were doing

● Designers of DES were ahead of their time


Cryptography

Block Ciphers in Practice

Triple DES (3DES)

● Nested application of DES with three different keys KA, KB, and KC

● Effective key length is 168 bits, making exhaustive search attacks unfeasible

● C = EKC(DKB(EKA(P))); P = DKA(EKB(DKC(C)))

● Equivalent to DES when KA=KB=KC (backward compatible)

But practically, Triple DES is

C = E(D(E(P,K1),K2),K1)

P = D(E(D(C,K1),K2),K1)

(112 bit key)

Advanced Encryption Standard (AES)

● Selected by NIST in 2001 through open international competition and public discussion

● 128-bit blocks and several possible key lengths: 128, 192 and 256 bits

● Exhaustive search attack not currently possible

● AES-256 is the symmetric encryption algorithm of choice

14

Cryptography

DES vs. AES

Date?


Cryptography

Triple DES


Advanced Encryption Standard(AES)

AES animation: http://www.formaestudio.com/rijndaelinspector/archivos/Rijndael_Animation_v4_eng.swf

http://poincare.matf.bg.ac.rs/~ezivkovm/nastava/rijndael_animacija.swf

http://www.ccna-security.net/wp-content/uploads/2008/10/rijndael_ingles2004.swf

17

http://www.formaestudio.com/rijndaelinspector/archivos/Rijndael_Animation_v4_eng.swf

http://poincare.matf.bg.ac.rs/~ezivkovm/nastava/rijndael_animacija.swf

http://www.ccna-security.net/wp-content/uploads/2008/10/rijndael_ingles2004.swf

Cryptography

AES Crypt

A file encryption software available on several operating systems that uses the industry standard AES to easily and securely encrypt files.

● You do not need to be an expert to use AES Crypt, nor do you need to understand cryptography.

Using a powerful 256-bit encryption algorithm, AES Crypt can safely secure your most sensitive files.

AES Crypt is completely free open source software

https://www.aescrypt.com/


https://www.aescrypt.com/

Cryptography

How was AES created?

DES was broken: Key size is too small ← Brute force attack is possible

● Attacked by exhaustive key search: Special purpose DES crackers and distributed attack at internet

Triple-DES is very resistant to crypto analysis but,● No efficient software code

● Too slow: 3 times as many rounds as DES

● 3DES use 64-bit block size: for reasons of both efficient and security, a larger block size desirable

● So, 3DES is not solution for long-term use

In 1997, NIST made a formal call for advanced encryption standard algorithms


Cryptography

How was AES created?

Goal: ● replace DES for both government and private sector encryption

AES Competition Requirements● Unclassified, publicly disclosed encryption algorithm, available royalty-

free, worldwide.

● Private key symmetric block cipher

● Block sizes of 128-bits, 128/192/256-bit keys

● Stronger & faster than Triple-DES

● Provide full specification & design details

● Both C & Java implementations

15 candidates accepted in Jun 98

5 were shortlisted in Aug 99● Rijndael, MARS, RC6, Serpent, Twofish


Cryptography

AES Evaluation Criteria

initial criteria:● security – effort for practical cryptanalysis

− Resistance to cryptanalysis, soundness of math, randomness of output, etc.

● Speed – in terms of computational efficiency (cost) and memory requirements

● algorithm & implementation characteristics− Flexibility, hardware & software suitability, algorithm simplicity

final criteria● general security: 3년의평가기간동안암호학계에서수행된보안성분석

● ease of software & hardware implementation

● implementation attacks− 시간공격: 컴퓨터가메시지를해독하는데걸리는시간을추적유지하여키결정

− 전력분석공격: 특정시간에소비한전력은처리되는데이터에관련됨 (1을write하는것이 0을 write하는 것보다많은전력소비)

● flexibility (in en/decrypt, keying, other factors)− 키와블록크기에대한지원의용이성

− 새로운공격에대응하는라운드횟수의증가용이성


Cryptography

Comparison of AES, 3DES and DES


Cryptography

The AES Cipher - Rijndael

Rijndael (rain-dahl) was selected as the AES in Oct-2000● Designed by Vincent Rijmen (빈센트라이먼) and Joan Daemen (존데이먼) in Belgium

● Issued as FIPS PUB 197 standard in Nov-2001

An iterative rather than Feistel cipher● Iterated block cipher (like DES)

● Not a Feistel cipher (unlike DES)

● processes data as block of 4 columns of 4 bytes (128 bits)

● operates on entire data block in every round


AES

Plaintext (128 bits)

Ciphertext (128 bits)

Key (128-256 bits)

Cryptography

The Advanced Encryption Standard (AES)

AES is a block cipher that operates on 128-bit blocks.

● Key size of 128-, 192-, or 256-bits

● Variable number of rounds (10, 12, 14):

− 10 if B = K = 128 bits

− 12 if either B or K is 192 and the other is ≤ 192

− 14 if either B or K is 256 bits

● 128-bit round key used for each round:

− 128 bits = 16 bytes = 4 words

− needs Nr+1 round keys for Nr rounds

− needs 44 words for 128-bit key (10 rounds)

24

AES Round Structure

The 128-bit version of the AES encryption algorithm proceeds in ten rounds.

Each round performs an invertible transformation on a 128-bit array, called state.

‒ State: 4X4 array of bytes

‒ 128 bits = 16 bytes

The initial state X0 is the XOR of the plaintext P with the key K:

X0 = P XOR K.

Round i (i = 1, …, 10) receives state Xi-1 as input and produces state Xi.

The ciphertext C is the output of the final round: C = X10.

25

Cryptography

Overall Structure


Cryptography

AES Overview

Each round uses 4 functions (in 3 “layers”)

● 4 functions: 1 of permutation and 3 substitutions

● 3 layers: Linear, Nonlinear and Key addition

Permutation

● Linear mixing layer: ShiftRow (State)

Substitutions

● Nonlinear layer: SubBytes (State, S-box)

● Nonlinear layer: MixColumn (State)

● Key addition layer: AddRoundKey (State, KeyNr)


Cryptography

Multiple Rounds

Rounds are (almost) identical

● First and last round are a little different


AES parameters

• Nb – Number of columns in the State

• Nb = 4

• Nk – Number of 32-bit words in the Key

• Nk = 4, 6, or 8

• Nr – Number of rounds (function of Nb and Nk)

• Nr = 10, 12, or 14

128 bits = 16 bytes = 4-by-4 table of bytes = 4 words (1 word= 4 bytes)

Cryptography

Data Unit

128 bits = 16 bytes = 4-by-4 table of bytes = 4 words (1 word= 4 bytes)


Cryptography

High level description

Changing Plaintext to State: 1 block = 128 bits = 16 bytes = a 4-by-4 array of states

● Total 16 states: each state si,j = 8 bits = 1 byte


• Round keys are derived from the cipher key using Rijndael's key scheduleKey Expansion

• AddRoundKey : Each byte of the state is combined with the round key using bitwise xorInitial Round

• SubBytes : non-linear substitution step

• ShiftRows : transposition step

• MixColumns : mixing operation of each column.

• AddRoundKey

Rounds

• SubBytes

• ShiftRows

• AddRoundKeyFinal Round

Cryptography

AES: High-Level Description

State: 4 X 4 array of bytes: 128 bits = 16 bytes


State = XAddRoundKey(State, Key0) (op1)for r = 1 to Nr - 1

SubBytes(State, S-box) (op2)ShiftRows(State) (op3)MixColumns(State) (op4)AddRoundKey(State, KeyNr)

endforSubBytes(State, S-box)ShiftRows(State)AddRoundKey(State, KeyNr)Y = State

Cryptography

Changing Plaintext to State

128 bits = 16 bytes = 16 states = 4 words

32

Cryptography

Each Round

Each round is built from four basic steps:1. SubBytes step: an

S-box substitution step

2. ShiftRows step: a permutation step

3. MixColumns step: a matrix multiplication step

4. AddRoundKey step: an XOR step with a round key derived from the 128-bit encryption key


Cryptography

1. SubBytes step

The SubBytes operation involves 16 independent byte-to-byte transformations.


S1,1 = xy16

• Interpret the byte as two hexadecimal digits xy

• SW implementation, use row (x) and column (y) as lookup pointer

00 44 88 CC

11 55 99 DD

22 66 AA EE

33 77 BB FF

Cryptography

1. SubBytes step

Replace each byte in the state array with its corresponding value from the S-Box

There is an InvSubBytes Table for decryption

● The SubBytes and InvSubBytes transformations are inverses of each other


Cryptography

AES “S-box”

Example: 0x53 is replaced with 0xED


First 4bits ofinput

Last 4 bits of input

Cryptography

2. ShifRows step

Shifting, which permutes the bytes.

A circular byte shift in each each● 1st row is unchanged

● 2nd row does 1 byte circular shift to left

● 3rd row does 2 byte circular shift to left

● 4th row does 3 byte circular shift to left

In the encryption, the transformation iscalled ShiftRows

In the decryption, the transformation iscalled InvShiftRows and the shifting is to theright


Cryptography

2. ShifRows step


ShiftRows and InvShiftRows

Cryptography

3. MixColumns step

ShiftRows and MixColumns provide diffusion to the cipher

Each column is processed separately

Each byte is replaced by a value dependent on all 4 bytes in the column

Effectively a matrix multiplication in GF(28) using prime poly m(x) =x8+x4+x3+x+1


Cryptography

3. MixColumns step

The MixColumns transformation operates at the column level; it transforms each column of the state to a new column.


S’0,c = ({02} S0,c) ({03} S1,c) S2,c S3,c

S’1,c = S0,c ({02} S1,c) ({03} S2,c) S3,c

S’2,c = S0,c S1,c ({02} S2,c ) ({03} S3,c)

S’3,c = ({03} S0,c) S1,c S2,c ({02} S3,c

Cryptography

4. AddRoundKey

XOR state with 128-bits of the RoundKey (Subkey)

● RoundKey (subkey) determined by key schedule algorithm

● takes 128-bits (16-bytes) key and expands into array of 44 32-bit words

AddRoundKey proceeds one column at a time.

● adds a round key word with each state column matrix

● the operation is matrix addition

Inverse for decryption identical

● since XOR own inverse, with reversed keys


Cryptography

4. AddRoundKey

Example of expansion of a 128-bit cipher key

Cipher key = 2b7e151628aed2a6abf7158809cf4f3c

w0=2b7e1516 w1=28aed2a6 w2=abf71588 w3=09cf4f3c


Cryptography

Key Expansion Scheme

takes 128-bits (16-bytes) key and expands into array of 44 32-bit words


Cryptography

Key Expansion Scheme

라운드상수● 각라운드상수 RCon은 4바이트값으로오른쪽의 3바이트는 0

● [표] 각라운드에서사용하는상수값 RCon


Cryptography

AES Round Summary


Cryptography

AES Decryption

To decrypt, process must be invertible

● Inverse of AddRoundKey is easy, since is its own inverse

● MixColumn is invertible (inverse is also implemented as a lookup table)

● Inverse of ShiftRow is easy (cyclic shift the other direction)

● SubBytes is invertible (inverse is also implemented as a lookup table)


Cryptography

AES Design Rationale

Substitute Bytes ● To be resistant to known cryptanalytic attacks by making a low

correlation between input bits and output bits.

Shift Row● Note input and output are treated as State(4X4 array)

● To move an individual byte from one column to another

Mix Column● To ensure a good mixing the bytes of each column

Add Round Key● To affect every bit of State

● The complexity of the round key expension ensure security


Block cipher modes of operation

ECB / CBC / CFB / OFB / CTR

Computer Security & OS Lab, DKU 48

Cryptography

Symmetric cipher encryption

How to encrypt multiple blocks?

● A new key for each block?

− As bad as (or worse than) a one-time pad!

● Encrypt each block independently?

● Make encryption depend on previous block(s), i.e., “chain” the blocks

together?

● How to handle partial blocks?


Cryptography

Mode of operation of Block Cipher

블록암호는특정한길이의블록단위로동작하기때문에, 가변길이데이터를

암호화하기위해서는먼저이들을단위블록들로나누어야하며, 그리고그

블록들을어떻게암호화할지를정해야하는데, 이때블록들의암호화방식을

운용모드라고부른다

● Block: a fixed-length data

● A mode of operation describes how to repeatedly apply a cipher's single-block operation to

securely transform amounts of data larger than a block

평문의길이가블록암호의블록크기보다클경우에는어떻게블록암호를

적용할것인가?

이런문제점을해결하고다양한응용환경하에적절한암호화도구로사용할수

있는여러유형의효율적인운영방식들을제시하고있다.

이러한방식들을블록암호모드라고한다.


Cryptography

Modes of Operations

Block Cipher Modes

● The way a block cipher encrypts and decrypts a sequence of message blocks.

● Many encryption ways (modes of operation) for multiple block cipher

Mode of operation of Block cipher

● Electronic Codebook (ECB) mode

− Encrypt each block independently

● Cipher-Block Chaining (CBC) mode

− Chain the blocks together

− More secure than ECB, virtually no extra work

● Cipher-Feedback (CFB) mode

● Output Feedback (OFB) mode

● Counter (CTR) mode

− Popular for random access

● Data integrity of block cipher

− Message Authentication code (MAC)


Cryptography

ECB Mode

Electronic Code Book (ECB) Mode (is the simplest):

● Block P[i] encrypted into ciphertext block C[i] = EK(P[i])

● Block C[i] decrypted into plaintext block M[i] = DK(C[i])

52Public domain images from http://en.wikipedia.org/wiki/File:Ecb_encryption.png and http://en.wikipedia.org/wiki/File:Ecb_decryption.png

Cryptography

ECB Cut and Paste Attack

Suppose plaintext is Alice digs Bob. Trudy digs Tom.

Assuming 64-bit blocks and 8-bit ASCII:P0 = “Alice di”, P1 = “gs Bob. ”,

P2 = “Trudy di”, P3 = “gs Tom. ”

Ciphertext: C0, C1, C2, C3

Trudy cuts and pastes attack: C0, C3, C2, C1

Decrypts asAlice digs Tom. Trudy digs Bob.


Cryptography

EBC Weakness

Suppose Pi = Pj

Then Ci = Cj and Trudy knows Pi = Pj

This gives Trudy some information, even if she does not know Pi

or Pj

● We should not give the cryptanalyst anything for free.

Trudy might know Pi

Alice’s original image &

Alice’s encrypted image

Why does this happen?

● Same plaintext block Same ciphertext!


Strengths and Weaknesses of ECB

55

Strengths: Is very simple

Allows for parallel encryptions of the blocks of a plaintext

Can tolerate the loss or damage of a block

Weakness: 동일한 평문 블록이 동일한 암호문

블록으로 나타남

Documents and images are not

suitable for ECB encryption since

patters in the plaintext are

repeated in the ciphertext:

• 암호문을 보면 평문 속에 패턴이 반복됨을 알 수 있음

• 블록 위치 변조 공격 가능: 공격자가 암호문 블록을서로 변경할 경우, 수신자가 모를 수 있음

Cryptography

Cipher Block Chaining (CBC) Mode

Blocks are “chained” together

The previous ciphertext block is combined with the current plaintext block

C[i] = EK (C[i 1] P[i])

● C[1] = IV, is random initialization vector, but need not be secret

Decryption: P[i] = C[i 1] DK (C[i])

☞ 암호문블록이 1개파손되었다면,

암호문블록의길이가바뀌지않는다면복호화했을때에평문블록에미치는영향은 2개

블록에한정됨

56

DK

P[0]

DK

P[1]

DK

P[2]

DK

P[3]

IV

C[0] C[1] C[2] C[3]

EK

P[0]

EK

P[1]

EK

P[2]

EK

P[3]

IV

C[0] C[1] C[2] C[3]

CBC Encryption: CBC Decryption:

Strengths and Weaknesses of CBC

57

Weaknesses:

CBC requires the reliable

transmission of all the blocks

sequentially

It cannot be parallelized

CBC is not suitable for

applications that allow packet

losses (e.g., music and video

streaming)

Strengths: Identical plaintext blocks yield

different ciphertext blocks

Doesn’t show patterns in the plaintext

the most common mode

fast and relatively simple

Cut and paste is still possible, but more complex (and will cause garbles)

If C1 is garbled to, say, G then

P1 C0 D(G, K), P2 G D(C2, K)

But P3 = C2 D(C3, K), P4 = C3 D(C4, K),…

Automatically recovers from errors!

Cryptography

Counter (CTR) mode

CTR is popular for random access

Every step of encryption and decryption can be in parallel

● We perform encryption through an exclusive-or with a generated pad

We start with a random seed, Counter (= IV)


http://www.google.co.kr/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=pUvbjY24MOvClM&tbnid=dvOk1yPrUUmhhM:&ved=0CAUQjRw&url=http://flylib.com/books/en/3.190.1.62/1/&ei=WyIdU-SJMoPDlAXT44CYAw&bvm=bv.62578216,d.dGI&psig=AFQjCNEL5S8KXAj7e-AvR9cVf6wNIjdL_g&ust=1394503558426960

http://www.google.co.kr/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=pUvbjY24MOvClM&tbnid=dvOk1yPrUUmhhM:&ved=0CAUQjRw&url=http://flylib.com/books/en/3.190.1.62/1/&ei=WyIdU-SJMoPDlAXT44CYAw&bvm=bv.62578216,d.dGI&psig=AFQjCNEL5S8KXAj7e-AvR9cVf6wNIjdL_g&ust=1394503558426960

Cryptography

Java AES Encryption Example

Source

http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html

Generate an AES key

KeyGenerator keygen = KeyGenerator.getInstance("AES");SecretKey aesKey = keygen.generateKey();

Create a cipher object for AES in ECB mode and PKCS5 padding

Cipher aesCipher;aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");

Encrypt

aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);byte[] plaintext = "My secret message".getBytes();byte[] ciphertext = aesCipher.doFinal(plaintext);

Decrypt

aesCipher.init(Cipher.DECRYPT_MODE, aesKey);byte[] plaintext1 = aesCipher.doFinal(ciphertext);

59

http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html

Cryptography

Cryptography Libraries


Implementation Company Development source

Description

Libgcrypt GnuPGcommunity

and g10code

C http://www.linuxfromscratch.org/blfs/view/8.2/general/libgcrypt.html

OpenSSL The OpenSSL Project

C https://www.openssl.org/

libmcrypt C http://mcrypt.sourceforge.net/Replacement for the old crypt() package.

mcrypt (3) – Linux man page https://linux.die.net/man/3/mcrypt

MCRYPT mcrypt_module_open( char *algorithm, char* algorithm_directory, char* mode, char* mode_directory);

int mcrypt_generic_init( MCRYPT td, void *key, int lenofkey, void *IV);

int mcrypt_generic( MCRYPT td, void *plaintext, int len);

int mdecrypt_generic( MCRYPT td, void *ciphertext, int len);

int mcrypt_generic_end( MCRYPT td);

int mcrypt_generic_deinit( MCRYPT td);

…

http://www.linuxfromscratch.org/blfs/view/8.2/general/libgcrypt.html

https://www.openssl.org/

http://mcrypt.sourceforge.net/

https://linux.die.net/man/3/mcrypt

– 6 1 – 418750, S’15

Summary

Encryption provides confidentiality

AES was designed after DES. The algorithms used in AES are so simple that they can be easily

implemented using cheap processors and a minimum amount of memory.

Most of the known attacks on DES were already tested on AES.

Brute-Force Attack

AES is definitely more secure than DES due to the larger-size key.

Statistical Attacks

Numerous tests have failed to do statistical analysis of theciphertext

Computer Security & OS Lab.