1 chapter 3 ciphers mechanism that decides the process of encryption/decryption stream cipher:...
TRANSCRIPT
1Chapter 3
Ciphers
• Mechanism that decides the process of encryption/decryption
• Stream Cipher: Bit-by-bit encryption / decryption
• Block Cipher: Block-by-block encryption / decryption
3Chapter 3
Basic operations upon string of 0/1
• Coded Word– XOR ( )⊕– Transposition– Logical Operations (A∩B,…)
• Block Number– +,-,*,/– Finite Field (under Modular)– Exponentiation (under Modular)– …
4Chapter 3
XOR operation ⊕
• XOR operation :⊕– Encrypted: M K= C⊕– Decrypted: C K= M ⊕– Math. Notation:
• Encryption: M K ⊕ C
• Decryption: C K ⊕ M
M K C
0 0 0
0 1 1
1 0 0
1 1 0
5Chapter 3
Basic of stream cipher
• Message M comes in bit strings• Key bit strings are generated from a key K
• Encryption:– Cipher C are basically an bit XOR operation between
message bit strings and key bit strings (generated from key K)
• Decryption:– Message M comes from an bit XOR operation between
Cipher C strings and key bit strings (generated from key K)
6Chapter 3
Encrypt/Decrypt with XOR
Plain text
Plain text
Sender(A)
Net
wor
k
Receiver
(B)Cipher
text
…01101
10011…
…10100 …10100
10011…
…01101
Cipher text
7Chapter 3
How to generate the key bit sequence by a key
Pseudo random generator
Key
A serial of bit sequenceLFSR, Linear Feedback shift register
+
1 0 0output
Concept
8Chapter 3
Program for LFSR
• Parameter:– Unsigned long shiftRegister– shiftRegister = input_key
• Procedure:– Output shiftRegister&0x0000001 ;– shiftRegister = ( (shiftRegister >>2) ^
(shiftRegister >>1) & 0x00000001)<<31) | (shiftRegister >>1);
9Chapter 3
Stream Cipher basic (XOR Blockbit level)
F4 0100011000110100
0001010100001111
S;
+
0101001100111011
Plain text
Cipher text
the key
In normal format
In binary format
10Chapter 3
Block Cipher• Message are chocked into numbers of block
Each block are encrypted with block ciphers
• Block between block are operated with one of the four modes (ECB,CBC,OFB, OCB).
• Known Block Ciphers: – DES, triple DES,IDEA, RC5, Blowfish, AES
11Chapter 3
Symmetric Key Cryptography
Fig 3.15
Plain text
Encrypt with symmetric key
Plain text
Decrypt with symmetric key
Sender(A)
Netw
ork
Receiver
(B)
Cipher text
Cipher text
12Chapter 3
Data Encryption Standard (DES)• History
– 1977 published by National Institute of Standard and Technology, USA
– Based on IBM Lucifer cipher and NSA
• Specification:– Uses a 56-bit key (among 64-bit), and map a 64-bit input
block into a 64-bit output block.
• Theory basics:– Input permutation, key introduce bit string (s-box), XOR
• Comment:– DES is efficient to implement in hardware but relative slow
in software. For example, a 500-MIPS CPU can encrypt at 30 Koctets per second.
13Chapter 3
Conceptual View of DES
Fig 3.16
64-bit Plain text
56-bit KeyDES
64-bit Cipher
text
Block 1
64-bit Plain text
56-bit KeyDES
64-bit Cipher
text
Block 2
64-bit Plain text
56-bit KeyDES
64-bit Cipher
text
Block n
14Chapter 3
Broad Level Steps in DES
Fig 3.19
Initial Permutation (IP)
LPT RPT
16 rounds 16 roundsKey Keyi
Final Permutation (FP)
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Plain text (64 bits)
Cipher text (64 bits)
15Chapter 3
Initial permutation (IP)
• Input 64-bit after bit position change (IP) produces 64-bit output
58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7
Means: Output bit 1 from bit 58, bit 2 from bit 50, bit 3 from 42,…
16Chapter 3
Board level include the master Key64-bit input
Round 1
Round 2
64-bit output
Round 16
56-bit key
Generate 16 per-round keys
Initial Permutation
Final Permutation
Swap left and right halves
48-bit K1
48-bit K2
48-bit K16
18Chapter 3
The Mangler Function• Two inputs: 32-bit plus 48-bit subkey• Output: 32-bit• Operations:
– Step 1: 32-bit are expanded into 48-bit– Step 2: the expanded 48-bit are XORed with the 48-bit
subkey– Step 3: the 48-bit result are divide into 8 blocks with 6
bits.– Step 4: each block are lookup into the S-box to
generate the 4 bit– Step 5: the result 32-bit are then permutated to generate
the 32 output.
19Chapter 3
32-bit(RPT)
48-bit(subkey)
Expansion permutation
XOR48-bit
48-bit divide into 8 6-bit blocks
S-box 1 S-box 8S-box 2
32-bit
P-Box permutation
32-bit
20Chapter 3
Expansion permutation
32 1 2 3 4 5 4 5 6 7 8 9
8 9 10 11 12 13 12 13 14 15 16 17
16 17 18 19 20 21 20 21 22 23 24 25
24 25 26 27 28 29 28 29 30 31 32 1
P-box permutation
16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25
21Chapter 3
S-box(1~8)S-box 1
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
For example: bit 101101, table look up 11 0110
0000 0001 0010 0011 0100 0101 0110 1111
00
01
10
11
22Chapter 3
How Sub key generate from Key
• Input : 64 bits• Output: 48 bits x 16 (round 1~16)• Steps:
– 1) 64 bits to 56 bits, and the 56 bits is divide into 2 halves, each of 28 bits, called C and D. (through a discard permutation)
– 2) each of 28 bits are rotated (round 1,2,9,1nd 16 are 1bit, and other are 2-bit)
– 3) from the 2 halves, among the 56 bits only 48 bits are got through compression permutation
23Chapter 3
Discard permutation
compression permutation
14 17 11 24 1 5 3 28 15 6 21 10
23 19 12 4 26 8 16 7 27 20 13 2
41 52 31 37 47 55 30 40 51 45 33 48
44 49 39 56 34 53 46 42 50 36 29 32
24Chapter 3
Mathematics‘ notation on Block cipher Like DES
• For plain text m, encrypted with key K1, is denoted as:Ek1[m]
(m)k1 if encrypt / decrypt operation is obvious.
• For a cipher text c, decrypted with key K1, is denoted as:Dk1[c]
(c)k1 if encrypt / decrypt operation is obvious.
i.e.,
Dk1[Ek1[m] ] = m
((m)k1 )k1= m
25Chapter 3
DES operation mode
• Operation modes:– Block between block operation– Four modes:
• ECS (Electronic Code Book)
• CBC (Cipher Block Chaining)
• CFB (Cipher Feedback)
• OFB (Output Feedback)
26Chapter 3
Encryption in ECB Mode
Fig 3.6
Encrypt
Plain text block 1
Key
Cipher text block 1
Step 1
Encrypt
Plain text block 2
Key
Cipher text block 2
Step 2
Encrypt
Plain text block n
Key
Cipher text block n
Step n
27Chapter 3
Decryption in ECB Mode
Fig 3.7
Decrypt
Cipher text block 1
Key
Plain text block 1
Step 1
Decrypt
Cipher text block 2
Key
Plain text block 2
Step 2
Decrypt
Cipher text block n
Key
Plain text block n
Step n
28Chapter 3
ECB Example
Fig 3.4
FOUR _AND_ FOUR Plain text
Encrypt Encrypt Encrypt
VFa% VFa%*yT1x Cipher text
(a) The Encryption Process at the sender’s end
VFa% VFa%*yT1x Cipher text
Decrypt Decrypt Decrypt
FOUR _AND_ FOUR Plain text
(b) The Decryption Process at the receiver’s end
29Chapter 3
Encryption in CBC Mode
Fig 3.8
Encrypt
Plain text block 1IV
Cipher text block 1
Step 1
Encrypt
Plain text block 2
Cipher text block 2
Step 2
Encrypt
Plain text block n
Cipher text block n
Step n
Key
XOR XOR
Key Key
XOR
30Chapter 3
Decryption in CBC Mode
Fig 3.9
Decrypt
Cipher text block 1
IV
Plain text block 1
Step 1
Decrypt
Cipher text block 2
Plain text block 2
Step 2
Decrypt
Cipher text block n
Plain text block n
Step n
Key
XOR XOR
Key Key
XOR
31Chapter 3
Encryption in CFB Mode
Fig 3.13
IV (Shift register)
EncryptKey
Take just the leftmost 8 bits
XOR
Plain text j bits
Cipher text j bits
IV (Shift register)
EncryptKey
Take just the leftmost 8 bits
XOR
Plain text j bits
IV (Shift register)
EncryptKey
Take just the leftmost 8 bits
XOR
Plain text j bits
Cipher text j bits
Cipher text j bits
32Chapter 3
Algorithm Modes
Fig 3.5
Algorithm Modes
Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)
Output Feedback (OFB)
These two modes work on block ciphers.
These two modes work on block ciphers acting as stream ciphers.
33Chapter 3
Encryption in OFB Mode
Fig 3.14
IV (Shift register)
EncryptKey
Take just the leftmost 8 bits
XOR
Plain text j bits
Cipher text j bits
IV (Shift register)
EncryptKey
Take just the leftmost 8 bits
XOR
Plain text j bits
IV (Shift register)
EncryptKey
Take just the leftmost 8 bits
XOR
Plain text j bits
Cipher text j bits
Cipher text j bits
34Chapter 3
Modified Versions of DES
• Double DES: Perform DES twice with two different keys
• Triple DES with Three Different Keys
• Triple DES with Two Different Keys
35Chapter 3
Double DES Encryption
Fig 3.36
Original Plain Text
Encrypt
K1
Cipher Text
Encrypt
K2
Cipher Text
36Chapter 3
Double DES Decryption
Fig 3.37
Original Plain Text
Decrypt
K2
Decrypt
K1
Cipher Text
Cipher Text
37Chapter 3
Double DES Expressed
P Encrypt
K1
Temporary result (T)
Encrypt
K2
C
EK1(P) EK2(EK1(P))T = EK1(P)
C = EK2(EK1(P))
Subject to: meet-in-the-middle attackStep 1: store all possible EK1(P)Step 2: decrypt c with all possible key value DK2(C) Step 3: find a match value at step 1 and 2.
38Chapter 3
Triple DES
Fig 3.41
Original Plain Text
Encrypt
K1
Cipher Text 1
Encrypt
K2
Cipher Text 2
Encrypt
K3
Final Cipher Text
39Chapter 3
Triple DES with Two Keys
Fig 3.42
Original Plain Text
Encrypt
K1
Cipher Text 1
Decrypt
K2
Cipher Text 2
Encrypt
K1
Final Cipher Text
40Chapter 3
RC5
• Developed by Ron Rivest
• Quite fast, flexibility (security vs speed)
• Almost no memory for execution:– Suitable for PDA, smart card, ..
41Chapter 3
Basic principles
• Variable lengths– Block size (word bits and 2-word blocks),
number of rounds and number of 8-bit bytes (octets) of the key
• Particular RC5 instance should be assigned, denoted as RC5-w/r/b, e.g., RC5-32/12/16 means 64-bit block, 12 round, and 16x8 bits key
42Chapter 3
Encryption using RC5
Fig 3.54
First, divide the original plain text into two blocks of equal size. Call them as A and B.
Add A and S[0] to produce C.Add B and S[1] to produce D.
1. XOR C and D to produce E. 4. XOR D and F to produce G.
2. Circular-left shift E by D bits.
3. Add E and S[2i] to produce F.
5. Circular-left shift G by F bits.
6. Add G and S[2i + 1] to produce H.
Increment i by 1.
Check:
Is i > r?
Stop
Yes
No
Note: First perform all the left-hand side steps, and then come to the right hand side steps, as indicated by the step numbers.
Call F as C(i.e. C = F)
Call H as D(i.e. D = H)
43Chapter 3
RC5 Encryption
Fig 3.63
A = A + S[0]B = B + S[1]
For i = 1 to rA = ((A XOR B) <<< B) + S[2i]B = ((B XOR A) <<< A) + S[2i + 1]
Next i
44Chapter 3
RC5 Decryption
Fig 3.64
For i = r to 1 step –1 (i.e. decrement i each time by 1)B = ((B – S[2i + 1]) >>> A) XOR AA = ((A – S[2i]) >>> B) XOR B
Next i
B = B – S[1]A = A – S[0]
45Chapter 3
Sub-key creation in RC5
• 8-bit as a unit• First, the key is put to array L, denoted as, L[0],
L[1],…, L[b-1]• Second, generate the array S, by using two
constant P (0xb7e15163)and Q (0x9e3779b9), up to 2 times round plus 1, S[0], S[1],…S[2r+1]
• Third, Mixing array L and S, to produce the final subkey array S
46Chapter 3
s[0]=p
For i=1 to 2r+1
s[i]=(s[i-1]+Q) mod 2^32
Next i
i=j=0
A=B=0
Do 3n times (n =max(2r+1, b))
A=s[i]=(s[i]+A+B)<<<3
B=L[j]=(L[j]+A+B)<<<(A+B)
i = (i+1) mod 2(r+1)
j= (j+1) mod b
end-do
Array S generated
Mix Array S and L to generate S
47Chapter 3
Advanced Encryption Standard (AES)
• 1990s, US want to the next generation cipher, and among many 15 proposals, Rijndael was accepted.
• Features:– Fast, variable in block size and key size.– Security
• Application:– Triple DES and AES.