Cryptography and Security Services: Mechanisms and Applications
Manuel Mogollon
M. Mogollon – 1
Chapter 4
Confidentiality – Symmetric Encryption
M. Mogollon – 2 Encryption Systems Basic Encryption Shift Registers Key Generators AES Block Ciphers
Session 2 – Contents
• Types of Crypto Systems
— Symmetric Encryption
– Stream Cipher
– Block Cipher Systems
— Asymmetric Encryption
• Basic Theory of Enciphering
• Shift Registers
— Linear Shift Registers
— Non-Linear Combinations of LFSR Devices
• Key Generators
• Block Ciphers
— Data Encryption Standard (DES) (FIPS 46-3)
— Modes of Operation (FIPS 81)
— Triple DES (FIPS 46-3 and ANSI X9.52)
— Advanced Encryption Standard (AES)
What is Confidentiality?
• Confidentiality: protection against unauthorized individuals reading information that is supposed to be kept private. Confidentiality is achieved by enciphering the information using encryption algorithms.
Confidentiality and its Security Mechanisms
[Figure: taxonomy of confidentiality mechanisms (protection of data from unauthorized disclosure). Encryption algorithms are either symmetric or asymmetric (public-key). Symmetric algorithms are stream ciphers (synchronous, self-synchronous) or block ciphers. Names appearing in the figure: RC4, OFB, CFB, DES, 3DES, AES, MARS, CAST, Blowfish, RC5, IDEA, RSA, ECC, ElGamal, Schnorr, Pohlig Hellman.]
Types of Crypto Systems
• Symmetric Cryptography – Secret Key
— A single key serves as both the encryption and the decryption key.
— Initial arrangements need to be made for individuals to share the secret key.
— Stream Ciphers and Block Ciphers (DES, AES)
• Asymmetric Cryptography – Public-Key
— One key is used to encipher and another to decipher.
— Privacy is achieved without having to keep the enciphering key secret because a different key is used for deciphering.
— Pohlig Hellman, Schnorr, RSA, ElGamal, and Elliptic Curve Cryptography (ECC) are popular asymmetric crypto systems.
Symmetric Key Crypto System
• Security is based on the secret key, not on the encryption algorithm.
• The sharing of secret keys is necessary.
• Strengths: Fast, good for encrypting large amounts of data.
• Weakness: Key delivery.
• There are two types of symmetric crypto systems: Stream Cipher (RC4) and Block Ciphers (DES, AES, RC5, CAST, IDEA).
[Figure: symmetric key crypto system. The plaintext is enciphered by the encryption algorithm under the secret key into ciphertext, and the ciphertext is deciphered by the encryption algorithm under the secret key back into the plaintext.]
Asymmetric Key Crypto System (Public Key Algorithm)
• Public key encryption involves two mathematically related keys.
• Either key can be used to encipher.
• One of the keys can be made public and the other kept private.
• Strengths: No key delivery issues, can be used for non-repudiation.
• Weakness: Slow, inefficient for large amounts of data, computationally expensive.
• Algorithms: RSA, ElGamal, Schnorr, Pohlig-Hellman, Elliptic Curve Cryptography.
• Used mainly for key exchange or digital signatures.
[Figure: asymmetric key crypto system, one key to encipher and another key to decipher. The plaintext is enciphered by the encryption algorithm into ciphertext, and the ciphertext is deciphered by the encryption algorithm back into the plaintext.]
Stream Ciphers
• Plaintext is broken up into successive bits, and each one is enciphered with a bit from a keystream.
• If the keystream repeats itself after n characters, the stream is periodic; otherwise, it is non-periodic.
• Types of Stream Ciphers
— Synchronous stream cipher
— Self-synchronous stream cipher
[Figure: a one-time key pad producing an output stream of key bits.]
Stream Cipher Encryption Using Modulo-2
Modulo 2 Adder: 1 + 0 = 1, 1 + 1 = 0, 0 + 1 = 1, 0 + 0 = 0
Enciphering
Plaintext  1 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0
Keystream  1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1
Ciphertext 0 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1
Deciphering
Ciphertext 0 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1
Keystream  1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1
Plaintext  1 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0
[Figure: stream cipher. At the encipher end the key stream is added to the plaintext in a modulo 2 adder to give the ciphertext; at the decipher end the same key stream is added to the ciphertext in a modulo 2 adder to recover the plaintext.]
Symmetric Key Stream Cipher
• Key stream generated independently of the cleartext or ciphertext.
• Crypto variable and initialization vector required.
• Periodic key stream.
[Figure: key generators at the encipher and decipher ends, each loaded with the Cryptographic Variables (CV) and the Initialization Vector (IV) and kept in synchronization; each key stream is added modulo 2 to the plaintext (encipher) or the ciphertext (decipher).]
Bit Flip and Missing Bits
A bit is not received correctly (bit flip)
Enciphering
Plaintext 1 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0
Keystream 1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1
Ciphertext 0 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1
Deciphering
Ciphertext 1 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1
Keystream 1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1
Plaintext 0 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0
A bit is missing
Enciphering
Plaintext 1 0 0 1 1 0 0 0 1 0 1 0 0 0 1 1 0
Keystream 1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1
Ciphertext 0 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0 1
Deciphering
Ciphertext 0 0 1 0 1 1 1 0 0 1 1 0 0 1 0 1
Keystream 1 0 1 1 0 0 1 1 1 0 0 1 0 0 0 1 1
Plaintext 1 0 0 1 1 1 0 1 1 1 1 1 0 1 0 0 0
Modulo-2 Adder: 1 + 0 = 1, 1 + 1 = 0, 0 + 1 = 1, 0 + 0 = 0
Self-Synchronous Stream Cipher
• Keystream is a function of the ciphertext.
• Allows late entry.
• Non-periodic key stream.
[Figure: self-synchronous stream cipher. At both the encipher and decipher ends the ciphertext feeds an N-bit feedback shift register that drives a key generator loaded with the Cryptographic Variables (CV); the resulting key stream is added modulo 2 to the plaintext or the ciphertext.]
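The bit-flip and missing-bit tables, and the late-entry property of the self-synchronous cipher, can be checked in code. This is an added example, not part of the original slides: the plaintext and keystream bits are the slides' own, while the register length N, the key, the IV and the HMAC-based keystream function are assumptions made for the demonstration.

```python
import hashlib
import hmac

# Bit vectors copied from the "Bit Flip and Missing Bits" slide.
PLAINTEXT = [1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0]
KEYSTREAM = [1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1]

N = 8                              # assumed feedback register length (bits)
KEY = b"constructed demo key"      # constructed crypto variable
IV = [0] * N                       # constructed initial register fill


def xor_bits(data, keystream):
    """Modulo-2 addition bit by bit (stops at the shorter input)."""
    return [d ^ k for d, k in zip(data, keystream)]


def flip(bits, i):
    """Channel error: bit i arrives inverted."""
    return bits[:i] + [bits[i] ^ 1] + bits[i + 1:]


def drop(bits, i):
    """Channel error: bit i never arrives, later bits move up one place."""
    return bits[:i] + bits[i + 1:]


def error_positions(sent, received):
    """Indices at which the recovered bits differ from what was sent."""
    return [i for i, (a, b) in enumerate(zip(sent, received)) if a != b]


def _keystream_bit(key, register):
    # Assumed keystream function for the demo: one bit of HMAC-SHA256
    # computed over the last N ciphertext bits.
    return hmac.new(key, bytes(register), hashlib.sha256).digest()[0] & 1


def selfsync(key, iv, bits, decrypt=False):
    """Self-synchronous cipher: the register is always fed ciphertext bits."""
    register, out = list(iv), []
    for b in bits:
        o = b ^ _keystream_bit(key, register)
        out.append(o)
        register = register[1:] + [b if decrypt else o]
    return out


def synchronous_demo():
    """Reproduce the slide: one flipped bit, then one missing bit."""
    ct = xor_bits(PLAINTEXT, KEYSTREAM)
    after_flip = xor_bits(flip(ct, 0), KEYSTREAM)
    after_drop = xor_bits(drop(ct, 5), KEYSTREAM)
    return ct, error_positions(PLAINTEXT, after_flip), after_drop


def selfsync_demo(d=5):
    """Same two channel errors against the self-synchronous cipher."""
    msg = PLAINTEXT * 3                       # 51 constructed plaintext bits
    ct = selfsync(KEY, IV, msg)
    flipped = selfsync(KEY, IV, flip(ct, d), decrypt=True)
    dropped = selfsync(KEY, IV, drop(ct, d), decrypt=True)
    flip_errors = error_positions(msg, flipped)
    # After N good ciphertext bits the receiver's register matches the
    # sender's again, so everything from d + N on is the original text
    # (moved up by the one lost bit).
    resynced = dropped[d + N:] == msg[d + 1 + N:]
    return flip_errors, resynced


if __name__ == "__main__":
    print(synchronous_demo())
    print(selfsync_demo())
```

With the synchronous cipher a flipped bit damages one plaintext bit, but a missing bit misaligns the keystream for the rest of the message; the self-synchronous cipher confines either error to at most N + 1 bits.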
Perfect Crypto System
• From the theoretical point of view, the only system that offers perfect secrecy is the one in which the keystream is
— totally random,
— infinitely long,
— and used only one time.
• A perfect crypto system is achieved only with Vernam's cipher, the One-Time key, in which the keystream is random, is as long as the message, and is used only one time.
• However, Vernam's cipher system is not widely used because of the following problems:
— The length of the key is as long as the plaintext and can be cumbersome.
— There is an immense volume of key material that needs to be sent to the receiver.
— The cryptographer needs to find a safe way of letting the recipient know the key that was used to encipher the message.
Perfect Key Generator
• Infinite Number of Crypto Variables (Keys)
— 56, 64, 128, 256, 512, 1028, 2056 bits
• Random Keystream
— A pseudorandom keystream that is random for all statistical tests, but which can be re-created by the same type of key generator when the same crypto variables are loaded in both key generators.
• Infinite Cycle Length
• Random Starting Places
— Random Starting Places (Message Key, Initialization Vector). With many different message keys (starting positions in the key generator), the probability that the key used to encipher a message is used only one time is very high. This is one of the most important of Vernam's conditions for a perfect keystream.
• Fail-Safe Alarms.
[Figure: keystream cycles. Key Variable 1 through Key Variable 2^128 each select a keystream cycle; Starting position 1 through Starting position 10^40 mark entry points along the Cycle Length.]
Linear Shift Register
Advantages
• They produce sequences of 1s and 0s.
• Identical shift registers with the same initial input behave alike and produce exactly the same outputs.
• They easily produce long cycles.
• Their outputs are statistically balanced.
• They have well known properties.
Disadvantages
• They are described by a single recursion equation.
• Previous stages are easily calculated.
• In the initial starting condition, all zeros must be avoided to prevent collapse. Setting at least one of the stages to 1 prevents this problem.
• Improper selection of the feedback taps may not produce maximum length periods.
Linear Feedback Shift Registers (LFSR)
The polynomial f(x) of any shift register, called the Characteristic Polynomial, can be determined as the sum of the values of $C_i x^i$ for which the $S_i$ stage is fed back into the modulo-2 adder.
[Figure: n-stage shift register with stages S1, S2, S3, ... Sn-1, Sn. The feedback coefficients C1, C2, C3, ... Cn-1, Cn select which stages are fed into the chain of modulo-2 adders, corresponding to the terms C0 X0, C1 X1, C2 X2, C3 X3, ... Cn-1 Xn-1, Cn Xn.]
$f(x) = \sum_{i=0}^{n} C_i x^i$
$f(x) = 1 + C_1 x^1 + C_2 x^2 + C_3 x^3 + \dots + C_{n-1} x^{n-1} + x^n$
Shift Register Theory
[Figure: contents of a four-stage shift register as it is shifted, Steps 1 to 4: 1 0 1 1, 0 1 0 1, 0 0 1 0, 0 0 0 1, 0 0 0 0.]
Modulo-2 Adder: 1 + 0 = 1, 1 + 1 = 0, 0 + 1 = 1, 0 + 0 = 0
Characteristic Polynomial of a Shift Register
$f(x) = 1 + x^1 + x^2 + x^3 + \dots + x^{n-1} + x^n$
[Figure: four-stage LFSR with stages x1 to x4, loaded with 0 0 0 1, with feedback through a modulo-2 adder.]
$f(x) = 1 + x + x^4$
Clock      States
(Initial)  0 0 0 1
1          1 0 0 0
2          1 1 0 0
3          1 1 1 0
4          1 1 1 1
5          0 1 1 1
6          1 0 1 1
7          0 1 0 1
8          1 0 1 0
9          1 1 0 1
10         0 1 1 0
11         0 0 1 1
12         1 0 0 1
13         0 1 0 0
14         0 0 1 0
15         0 0 0 1
16         1 0 0 0
17         1 1 0 0
18         1 1 1 0
Maximum length of a four-stage shift register:
Period = 15 = $2^4 - 1$
Number of "ones" = $2^{4-1}$
Number of "zeros" = $2^{4-1} - 1$
Shift Register Theory
Modulo-2 Adder: 1 + 0 = 1, 1 + 1 = 0, 0 + 1 = 1, 0 + 0 = 0
[Figure: two four-stage LFSRs with stages x1 to x4, each loaded with 0 0 0 1, with feedback through modulo-2 adders.]
$f(x) = 1 + x^2 + x^4$
Clock      States
(Initial)  0 0 0 1
1          1 0 0 0
2          0 1 0 0
3          1 0 1 0
4          0 1 0 1
5          0 0 1 0
6          0 0 0 1
Clock      States
(Initial)  1 0 1 1
1          1 1 0 1
2          0 1 1 0
3          1 0 1 1
$f(x) = 1 + x + x^2 + x^3 + x^4$
Clock      States
(Initial)  0 0 0 1
1          1 0 0 0
2          1 1 0 0
3          0 1 1 0
4          0 0 1 1
5          0 0 0 1
If an LFSR doesn't have maximum length, the initial conditions (the initial sequence loaded into the shift register) determine which sequence is generated and the period of such sequence.
In any LFSR, the feedback connections determine whether the sequence will be maximum or not.
Shift Register Properties
• A Shift Register produces sequences that depend upon the number of stages, feedback tap connections, and initial conditions.
• The succession of states in a Shift Register is periodic, with a period $p \le 2^n - 1$, where n is the number of stages. The value of p depends on the feedback coefficients, but a period of $2^n - 1$ can sometimes be achieved.
• A sequence generated by an n-stage Shift Register is said to have maximum length if its period is $p = 2^n - 1$. This maximum length holds, no matter what the initial state of the shift register is. Also, if a Shift Register sequence has a period of $p = 2^n - 1$, then every possible binary vector (except all zeros) of length n occurs exactly once in each period.
• In any LFSR, the feedback connections determine whether the sequence will be maximum or not.
• In LFSRs with reducible characteristic polynomials (non-maximal sequences), the initial conditions (the initial sequence loaded into the shift register) determine which sequence is generated and the period of such sequence.
Shift Register Properties
• If all the exponents of a polynomial are even, then the characteristic polynomial is reducible, and it can't have a maximum length sequence; e.g., the characteristic polynomial $f(x) = 1 + x^2 + x^4$ is reducible.
• If a shift register sequence has maximum length, its characteristic polynomial is irreducible; however, the converse of this property does not hold true. There actually are irreducible polynomials which correspond to no maximum-length sequences.
• If the characteristic polynomial of an LFSR is primitive, the shift register sequence has maximum length.
• A maximum length sequence cannot be generated from a Shift Register that has an odd number of taps because this means that f(x) is divisible by (x - 1).
• The number of ways to achieve maximum length ($p = 2^n - 1$) in a Shift Register is given by
$N(n) = \frac{\phi(2^n - 1)}{n}$
Shift Register Properties
• If a sequence has an irreducible characteristic polynomial of degree n, the period of the sequence is a factor of $2^n - 1$, and it may or may not be maximum. The period is always the same, regardless of the initial state. However, if the maximal length, $p = 2^n - 1$, is prime, every irreducible polynomial of degree n corresponds to a shift register sequence of maximum length. When $p = 2^n - 1$ is prime, it is known as a Mersenne prime.
• If a sequence has an irreducible characteristic polynomial of degree n, its maximum length does not depend on the initial conditions, except for the initial condition, "all 0s."
• If a sequence has a primitive characteristic polynomial of degree n, its period is the smallest positive integer p for which the characteristic polynomial f(x) divides $x^p - 1$, modulo 2.
Non-Linear Combination of LFSR Devices
[Figure: three LFSRs (LFSR 1 with five stages, LFSR 2 with four stages, LFSR 3 with three stages) whose outputs are combined through modulo-2 adders into the key stream. In the key generator, started from an Initialization Vector, the key stream is added modulo 2 to the plaintext to give the ciphertext.]
Maximum Length
LFSR 1: $2^5 - 1 = 31$
LFSR 2: $2^4 - 1 = 15$
LFSR 3: $2^3 - 1 = 7$
$M_l = \frac{P_1 \times P_2 \times P_3 \times \dots \times P_n}{\text{Any common factors of } P_1, P_2, P_3, \dots, P_n}$
Maximum Length = 31 x 15 x 7 = 3255
Replace LFSR 1 with a six-stage SR
Maximum Length = $2^6 - 1 = 63$
$M_l = \frac{63 \times 15 \times 7}{3 \times 7} = 315$
Gears and Shift Registers
15, 31, 127
When will the marked teeth return to their original position?
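The state tables, the count of maximum-length feedback choices and the combined period from the shift-register slides above can be reproduced with a short simulator; the gear question is the same least-common-multiple computation. This is an added example, not code from the presentation: the function names are assumptions, and the register convention (tapped stages summed modulo 2, the sum shifted into S1) is read off the slides' state tables. It goes one step beyond the slides by enumerating every tap set for a given register length.

```python
from functools import reduce
from itertools import combinations
from math import gcd


def lfsr_states(taps, initial):
    """Yield successive register states.

    Stages S1..Sn are listed left to right. `taps` are the exponents of the
    characteristic polynomial, so f(x) = 1 + x + x^4 is written (1, 4). On each
    clock the tapped stages are added modulo 2, the register shifts right and
    the sum enters at S1.
    """
    state = tuple(initial)
    while True:
        yield state
        feedback = 0
        for t in taps:
            feedback ^= state[t - 1]
        state = (feedback,) + state[:-1]


def cycle(taps, initial):
    """States visited from `initial` until it comes round again."""
    if max(taps) != len(initial):
        # Without the x^n term the update is not invertible and the initial
        # state need not recur.
        raise ValueError("the last stage must be tapped")
    seen = []
    for state in lfsr_states(taps, initial):
        if seen and state == seen[0]:
            return seen
        seen.append(state)


def period(taps, initial):
    return len(cycle(taps, initial))


def is_maximum_length(taps, n):
    """True when one cycle covers all 2^n - 1 non-zero states."""
    return period(taps, (0,) * (n - 1) + (1,)) == 2 ** n - 1


def maximum_length_taps(n):
    """Every tap set of an n-stage register that gives period 2^n - 1."""
    found = []
    for k in range(n):
        for inner in combinations(range(1, n), k):
            taps = inner + (n,)
            if is_maximum_length(taps, n):
                found.append(taps)
    return found


def output_bits(taps, initial):
    """Keystream taken from the last stage over one period."""
    return [state[-1] for state in cycle(taps, initial)]


def combined_period(*periods):
    """Product of the periods divided by their common factors (the LCM)."""
    return reduce(lambda a, b: a * b // gcd(a, b), periods)


if __name__ == "__main__":
    for clock, state in enumerate(cycle((1, 4), (0, 0, 0, 1))):
        print(clock, *state)
    print("f = 1 + x^2 + x^4:", period((2, 4), (0, 0, 0, 1)),
          "or", period((2, 4), (1, 0, 1, 1)), "depending on the initial state")
    print("maximum-length taps, n = 4:", maximum_length_taps(4))
    print("combined periods:", combined_period(31, 15, 7),
          combined_period(63, 15, 7))
```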
Block Cipher
• Encryption algorithm is used to transform x bits of Plaintext into x bits of ciphertext.
• Every bit of the plaintext has an effect on every bit of the ciphertext.
• Each block is independent, no influence between blocks.
• Identical plaintext blocks produce identical ciphertext blocks.
• Error in ciphertext has an effect only on that block.
• Types of Block Ciphers
— DES Electronic Code Book
— DES Cipher Block Chaining
— Advanced Encryption Standard
Block Cipher
[Figure: block cipher. At the encipher end a plaintext block and the crypto variables enter the block cipher algorithm, which outputs a cipher block; at the decipher end the cipher block and the crypto variables enter the block cipher algorithm, which outputs the plaintext blocks. Block size: DES 64-bit, AES 128-bit.]
Data Encryption Standard (DES)
• Approved in 1977.
• Enciphers a 64-bit block of plaintext into a 64-bit block of ciphertext, under the control of a 64-bit crypto variable where 56 bits are the key and 8 bits are used for parity.
• Uses transposition and substitution.
• Has 16 separate rounds of encipherment. Each round involves operations with a different 48-bit key developed from the original 64-bit cryptographic key.
• Distributed.Net, a worldwide coalition of computer enthusiasts, worked with EFF's DES Cracker and a global network of nearly 100,000 PCs in 1998 and broke a DES 56-bit key in 22 hours and 15 minutes.
DES – Steps
Perform an initial permutation on the bit string according to a function derived from the encryption key.
Perform a set of constant substitution functions using 8 S-boxes (4 x 16 matrix) followed by the permutation.
Split the 64-bit permuted block of data into 32-bit halves and expand the 32- bit string to 48 bits.
Encipher the right half with an encryption key, using 48 bits of the original 56-bit of the encryption key.
Repeat the whole set of functions 16 times with a different encryption key every time.
Perform a final permutation, the inverse of the initial permutation.
[Figure: DES enciphering computation. INPUT, Initial Permutation, halves L0 and R0, sixteen rounds using Key 1, Key 2, ... Key n, ... Key 16, then Inverse Initial Permutation.]
L1 = R0, R1 = L0 + f (R0 + K1)
L2 = R1, R2 = L1 + f (R1 + K2)
...
L15 = R14, R15 = L14 + f (R14 + K15)
L16 = R15, R16 = L15 + f (R15 + K16)
Advanced Encryption Standard
• In September 1997, the NIST issued a Federal Register Notice soliciting encryption algorithms to replace the DES.
• Fifteen algorithms were presented and five were selected for the second round:
— MARS, submitted by IBM (United States).
— RC6, submitted by RSA Laboratories (United States).
— Rijndael, submitted by Joan Daemen and Vincent Rijmen (Belgium).
— Serpent, submitted by Ross Anderson (United Kingdom), Eli Biham (Israel), and Lars Knudsen (Norway).
— Twofish, submitted by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson (United States).
• On October 2, 2000, the NIST announced that it had selected Rijndael for the AES.
• The standard became effective May 26, 2002.
• The AES can be used by U.S. government organizations to protect secret and top secret (classified) information.
AES
• Symmetric block cipher that uses cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data blocks of 128 bits.
• Substitution and linear transformation are done with different numbers of rounds depending on the key size: 10 (128 bits), 12 (192 bits) or 14 (256 bits).
• A data block to be processed using the AES is partitioned into an array of bytes, and each of the cipher operations is byte-oriented.
• The AES encryption consists of the following:
— Key expansion
— An initial round key addition
— Several rounds of ByteSub, ShiftRow, MixColumn, and AddRoundKey
— Final round of ByteSub, ShiftRow, and AddRoundKey
• The S-box has a mathematical structure, based on the combination of inversion over a Galois field and an affine transformation. Although this mathematical structure might conceivably aid an attack, the structure is not hidden as would be the case for a trapdoor. If the S-box were suspected of containing a trapdoor, then the S-box could be replaced.
[Figure: AES input bytes and State Array. The input bit sequence of one block (Block Length = 128 bits = 16 bytes) is numbered byte 0 to byte 15, with bits 7 to 0 inside each byte. The input bytes in0 ... in15 fill the 4 x 4 State Array column by column: in0 to in3 become S0,0 to S3,0, in4 to in7 become S0,1 to S3,1, in8 to in11 become S0,2 to S3,2, and in12 to in15 become S0,3 to S3,3.]
AES Standard Round Transformations
Round transformations are composed of four steps
• SubByte: A nonlinear substitution that replaces the bytes in the State Array by the byte determined by the row and column intersection in a substitution box, S-box. Provides non-linearity.
• ShiftRow: Rows of the State Array are shifted for inter-column diffusion (linear mixing).
• MixColumn: Every column in the State Array is transformed using a matrix multiplication for inter-byte diffusion within columns (linear mixing). In the last round, the column mixing is omitted.
• Round Key Addition: Subkey bytes are XORed into each byte of the array.
AES Implementation
[Figure: AES implementation flow. Plaintext, Initial Round (AddRoundKey), Standard Round (SubBytes, ShiftRows, MixColumns, AddRoundKey) repeated Nr - 1 times, Final Round (SubBytes, ShiftRows, AddRoundKey), Ciphertext. Key Expansion turns the Key into Nr + 1 round keys: K(0) for the initial round, K(1) ... K(Nr-1) for the standard rounds, and K(Nr) for the final round.]
Picture from: http://home.ecn.ab.ca/~jsavard/crypto/co040401.htm
Key Expansion
• The AES algorithm takes the Cipher Key, K, and performs a Key Expansion routine to generate a key schedule.
• Key Expansion routine generates a total of Nb (Nr + 1) words.
— Nb is equal to the number of columns in the data block. For a data block of 128 bits, Nb is equal to 4.
— Nr is the number of rounds.
— For a data block and Cipher Key of 128 bits, it generates 4 x (10 + 1) = 44 words.
• The Cipher Key becomes the first words. All other words are calculated using the following transformation:
temp = SubWord(RotWord(temp)) xor Rcon[i / Nk]
For a 128-bit Data Block and Cipher Key
Cipher Key: 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c
w0 = 2b 7e 15 16, w1 = 28 ae d2 a6, w2 = ab f7 15 88, w3 = 09 cf 4f 3c
[Figure: the Cipher Key written column by column as a 4 x 4 array (columns w0 to w3), and the key schedule w0, w1, ... w43 grouped four words at a time into the round keys K0, K1, ... K10.]
SubBytes Transformation
[Figure: each byte S r,c of the State Array is replaced through the S-Box by the byte S' r,c of the State' Array.]
S-Box
   0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
0  63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
1  ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
2  b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
3  04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
4  09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
5  53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
6  d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
7  51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
8  cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
9  60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
a  e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
b  e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
c  ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
d  70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
e  e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
f  8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16
S1,1 = 0 1 0 1 0 0 1 1 = S{53}
S'1,1 = S'{ed} = 1 1 1 0 1 1 0 1
ShiftRows Transformation
[Figure: State Array before and after ShiftRows. Row 0 stays S0,0 S0,1 S0,2 S0,3; row 1 becomes S1,1 S1,2 S1,3 S1,0; row 2 becomes S2,2 S2,3 S2,0 S2,1; row 3 becomes S3,3 S3,0 S3,1 S3,2.]
The bytes in the last three rows of the State Array are shifted 1, 2, or 3 times to the left.
MixColumns Transformation
[Figure: MixColumn maps each column S0,c S1,c S2,c S3,c of the State Array to the column S'0,c S'1,c S'2,c S'3,c.]
The MixColumns transformation treats each column as a four-term polynomial over $GF(2^8)$ and multiplies it modulo $x^4 + 1$ with a fixed polynomial a(x), given by
$a(x) = \{03\}x^3 + \{01\}x^2 + \{01\}x + \{02\}$
$s'(x) = a(x) \otimes s(x)$
AddRoundKey Transformation
In the AddRoundKey transformation, every entry in the State Array is XORed with its corresponding entry in the cipher sub-key.
State Array (Before the Transformation)
32 88 31 e0
43 5a 31 37
f6 30 98 07
a8 8d a2 34
XOR
Cipher Key Array
2b 28 ab 09
7e ae f7 cf
15 d2 15 4f
16 a6 88 3c
=
State Array (After the Transformation)
19 a0 9a e9
3d f4 c6 f8
e3 e2 8d 48
be 2b 2a 08
Input = {32} = 00110010
Cipher Key = {2b} = 00101011
State Array = {19} = 00011001
Modulo-2 Adder (XOR): 1 + 0 = 1, 1 + 1 = 0, 0 + 1 = 1, 0 + 0 = 0
AES Advanced Validation Suite
• The AES Advanced Validation Suite provides the basic design and configuration of a battery of tests designed to perform automated tests on an AES implementation.
• The battery of tests includes the following:
— Known Answer Test (KAT)
— Multi-block Message Test (MMT)
— Monte Carlo Test (MCT).
• The successful completion of the tests as they are described in the AES Advanced Validation Suite is required to claim conformance to the Advanced Encryption Standard FIPS 197.
Block Cipher Modes of Operation
Electronic Code Book (ECB)
• Basic mode; x-bit block input, x-bit block output.
• Identical plaintext blocks produce identical ciphertext blocks.
• Same as a code book.
• Easier to cryptanalyze.
• One bit error propagates over the x-bit block.
[Figure: ECB encryption and ECB decryption. In each direction an input block passes through the block cipher under key K (CIPHK) to give the output block: plaintext to ciphertext for encryption, ciphertext to plaintext for decryption.]
Cipher Block Chaining (CBC)
[Figure: CBC encryption and decryption for blocks 1 to n. Encrypt: Plaintext 1 is added modulo 2 to the Initialization Vector to form Input Block 1, CIPHK turns it into Output Block 1 = Ciphertext 1, and each later plaintext block is added to the previous ciphertext block before CIPHK. Decrypt: each ciphertext block is the input block to CIPH-1K, and the output block is added modulo 2 to the Initialization Vector (block 1) or to the previous ciphertext block to give the plaintext.]
Cipher Feedback (CFB) Mode
[Figure: CFB encryption and decryption for blocks 1 to n. Input Block 1 is the Initialization Vector; each later input block is (b-s) bits of the previous input block followed by s bits of ciphertext. Each input block passes through CIPHK; s bits of the output block are selected and added modulo 2 to the plaintext (encrypt) or the ciphertext (decrypt), and the other (b-s) bits are discarded.]
Output Feedback (OFB) Mode
[Figure: OFB encryption and decryption for blocks 1 to n. Input Block 1 is the Initialization Vector and each later input block is the previous output block of CIPHK; each output block is added modulo 2 to the plaintext block (encrypt) or the ciphertext block (decrypt).]
Counter (CTR) Mode
[Figure: CTR encryption and decryption for blocks 1 to n. Counter 1, Counter 2, ... Counter n are the input blocks to CIPHK; each output block is added modulo 2 to the plaintext block (encrypt) or the ciphertext block (decrypt).]
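The ECB bullets (identical plaintext blocks, error propagation over one block) and the CBC and CTR diagrams above can be compared directly by running the three modes over the same data. This is an added example, not code from the presentation: a small 64-bit Feistel construction built on SHA-256 stands in for CIPHK and CIPH-1K (it is not DES or AES), and the key, IV, nonce and message are constructed values.

```python
import hashlib

BLOCK = 8  # bytes; the stand-in cipher works on 64-bit blocks


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the stand-in cipher (an assumption for the demo).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def ciph(key, block):
    """Stand-in for CIPHK: four Feistel rounds."""
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def ciph_inv(key, block):
    """Stand-in for CIPH-1K: the same rounds undone in reverse order."""
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, pt):
    return b"".join(ciph(key, b) for b in blocks(pt))


def ecb_decrypt(key, ct):
    return b"".join(ciph_inv(key, b) for b in blocks(ct))


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = ciph(key, _xor(b, prev))       # chain on previous ciphertext
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for b in blocks(ct):
        out.append(_xor(ciph_inv(key, b), prev))
        prev = b
    return b"".join(out)


def ctr_crypt(key, nonce, data):
    """CTR is its own inverse: the counters are enciphered, never the data."""
    out = []
    for i, b in enumerate(blocks(data)):
        out.append(_xor(b, ciph(key, nonce + i.to_bytes(4, "big"))))
    return b"".join(out)


def flip_bit(data, byte_index):
    out = bytearray(data)
    out[byte_index] ^= 1
    return bytes(out)


def damaged(sent, recovered):
    """Map block index -> number of wrong bits, for damaged blocks only."""
    result = {}
    for i, (a, b) in enumerate(zip(blocks(sent), blocks(recovered))):
        if a != b:
            result[i] = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return result


# Constructed inputs: whole blocks only (padding is out of scope here),
# with blocks 0 and 2 identical.
KEY, IV, NONCE = b"constructed key", b"\x00" * BLOCK, b"\x00\x00\x00\x01"
MESSAGE = b"BLOCK-A." + b"BLOCK-B." + b"BLOCK-A." + b"BLOCK-C."


def error_propagation():
    """Flip one ciphertext bit in block 1 and decrypt under each mode."""
    ecb = ecb_decrypt(KEY, flip_bit(ecb_encrypt(KEY, MESSAGE), 8))
    cbc = cbc_decrypt(KEY, IV, flip_bit(cbc_encrypt(KEY, IV, MESSAGE), 8))
    ctr = ctr_crypt(KEY, NONCE, flip_bit(ctr_crypt(KEY, NONCE, MESSAGE), 8))
    return {"ECB": damaged(MESSAGE, ecb), "CBC": damaged(MESSAGE, cbc),
            "CTR": damaged(MESSAGE, ctr)}


if __name__ == "__main__":
    e, c = blocks(ecb_encrypt(KEY, MESSAGE)), blocks(cbc_encrypt(KEY, IV, MESSAGE))
    print("ECB repeats block 0 as block 2:", e[0] == e[2])
    print("CBC repeats block 0 as block 2:", c[0] == c[2])
    print(error_propagation())
```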
Block Cipher Multiple Encryption
• Double DES with two crypto variables
$M_C = C_{K_2}(C_{K_1}(M))$
$M_D = D_{K_1}(D_{K_2}(M_C))$
• Triple DES with two crypto variables
$M_C = C_{K_1}(D_{K_2}(C_{K_1}(M)))$
$M_D = D_{K_1}(C_{K_2}(D_{K_1}(M_C)))$
• Triple DES with three crypto variables
$M_C = C_{K_3}(D_{K_2}(C_{K_1}(M)))$
$M_D = D_{K_1}(C_{K_2}(D_{K_3}(M_C)))$
IP Encryption
IPSec uses a DES encryption algorithm with three crypto variables in the Cipher Block Chaining mode to encipher the IP packets.
Or,
IPSec uses a 3DES-CBC to encipher the IP packets.
[Figure: 3DES-CBC. Message Blocks 1 to n are each added modulo 2 to the IV (block 1) or to the preceding cipher block and then processed with C K1, D K2 and C K3 to give Block Cipher 1, Block Cipher 2, ... Block Cipher n.]
To Probe Further
• Golomb, S. (1967). Shift Register Sequences. San Francisco: Holden-Day Publishers.
• Articles related to Solomon W. Golomb, Shift Register Sequences. http://citeseer.nj.nec.com/nrelatedgid/35609
• Data Encryption Standard (DES), Federal Information Standards Publication FIPS PUB 46-3. http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
• DES Modes of Operation. http://csrc.nist.gov/publications/fips/fips81/fips81.htm
• Advanced Encryption Standard (AES) web site. http://csrc.nist.gov/encryption/aes/
• Rijndael Home Page. Authors: Joan Daemen, Vincent Rijmen. http://www.esat.kuleuven.ac.be/~rijmen/rijndael/
• Encryption Standards: AES vs. DES. Author: Gerwin Sturm, 2000. http://stud3.tuwien.ac.at/~e9825530/computerscience/aes/
• Randomness Recommendations for Security. http://www.ietf.org/rfc/rfc1750.txt?number=1750
• The AES Algorithm Validation Suite document specifies the procedures involved in validating implementation of the Advanced Encryption Standard (AES) algorithm in FIPS 197. Author: Lawrence E. Bassham III, 2002. http://csrc.nist.gov/cryptval/aes/AESAVS.pdf
• AES Matlab Implementation. Author: Jörg Buchholz. This documentation describes a Matlab implementation of the Advanced Encryption Standard (AES). http://www.mathworks.co.uk/matlabcentral/fileexchange/loadFile.do?objectId=1190&objectType=file
• A Specification for Rijndael Algorithm. Author: Dr. Brian Gladman, 2002. http://fp.gladman.plus.com/cryptography_technology/rijndael/aesspec.pdf