lecture 2.2: private key cryptography ii
DESCRIPTION
Lecture 2.2: Private Key Cryptography II. CS 436/636/736 Spring 2012 Nitesh Saxena. Today’s fun/informative bit – The Smudge Attack. See: http://www.usenix.org/event/woot10/tech/full_papers/Aviv.pdf. Course Administration. TA/Grader: Eric Frees Email: [email protected] - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/1.jpg)
Lecture 2.2: Private Key Cryptography II
CS 436/636/736 Spring 2012
Nitesh Saxena
![Page 2: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/2.jpg)
Today’s fun/informative bit – The Smudge Attack
• See: http://www.usenix.org/event/woot10/tech/full_papers/Aviv.pdf
04/20/23Lecture 2.2 - Private Key
Cryptography II2
![Page 3: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/3.jpg)
Course Administration
• TA/Grader: Eric Frees– Email: [email protected]– Office hours: 2-4pm on Wednesdays, Ugrad lab
(CH 154)
04/20/23Lecture 2.2 - Private Key
Cryptography II3
![Page 4: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/4.jpg)
Outline of today’s lecture
•Block Ciphers•Data Encryption Standard (DES)
04/20/23Lecture 2.2 - Private Key
Cryptography II4
![Page 5: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/5.jpg)
Block Ciphers and Stream Ciphers
• Block ciphers partition plaintext into blocks and encrypt each block independently (with the same key) to produce ciphertext blocks.
• A stream cipher generates a keystream and encrypts by combining the keystream with the plaintext, usually with the bitwise XOR operation.
• We will focus mostly on Block Ciphers
04/20/23Lecture 2.2 - Private Key
Cryptography II5
![Page 6: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/6.jpg)
DES – Data Encryption Standard
• Encrypts by series of substitution and transpositions.• Based on Feistel Structure• Worldwide standard for more than 20 years.• Designed by IBM (Lucifer) with later help (interference?)
from NSA.• No longer considered secure for highly sensitive applications.• Replacement standard AES (advanced encryption standard)
recently completed.
04/20/23Lecture 2.2 - Private Key
Cryptography II6
![Page 7: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/7.jpg)
DES – Overview (Block Operation)
04/20/23Lecture 2.2 - Private Key
Cryptography II7
![Page 8: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/8.jpg)
DES – Each Round
04/20/23 8
![Page 9: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/9.jpg)
DES – Function F
04/20/23Lecture 2.2 - Private Key
Cryptography II9
![Page 10: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/10.jpg)
DES – Key Schedule (KS)
04/20/23Lecture 2.2 - Private Key
Cryptography II10
![Page 11: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/11.jpg)
Operation Tables of DES: Key Schedule, PC-1, PC-2
04/20/23Lecture 2.2 - Private Key
Cryptography II11
![Page 12: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/12.jpg)
Operation Tables (IP, IP-1, E and P)
04/20/23Lecture 2.2 - Private Key
Cryptography II12
![Page 13: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/13.jpg)
S-boxes: S1 (as an example)0000
0001
0010
0011
0100
0101
0110
0111
1000
1001
1010
1011
1100
1101
1110
1111
00
01
10
11
04/20/23Lecture 2.2 - Private Key
Cryptography II13
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 70 15 7 4 14 2 13 1 10 6 12 11 9 5 3 84 1 14 8 13 6 2 11 15 12 9 7 3 10 5 015 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
Sj
)( 654321 bbbbbbS6543
21
:
:
bbbbcolumn
bbrow
Is the table entry from
01106)011001( dS
![Page 14: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/14.jpg)
DES Decryption
• Same as the encryption algorithm with the “reversed” key schedule – NEXT!
04/20/23Lecture 2.2 - Private Key
Cryptography II14
![Page 15: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/15.jpg)
x Plain text
0R0LInitial permutation (IP)
0R ),( 100 KRFL Round-1 (key K1)
),( 161515 KRFL 15R
Round-16 (key K16)
),( 161515 KRFL 15R
swap
yIP inverse
Cipher text
15R15L
Rounds 2-15
04/20/23 15
![Page 16: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/16.jpg)
),( 161515 KRFL 15R
yIP inverse
Cipher text
IP),( 161515 KRFL 15R
Round-1 (K16)
),(),( 1615161515 KRFKRFL 15R
15L15R
=
Since 0bbbb 0
en
cry
pt
decry
pt
04/20/23Lecture 2.2 - Private Key
Cryptography II16
![Page 17: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/17.jpg)
DES Example
04/20/23Lecture 2.2 - Private Key
Cryptography II17
We choose a random plaintext block and a random key, and We choose a random plaintext block and a random key, and determine what the ciphertext block would be (all in determine what the ciphertext block would be (all in hexadecimal):hexadecimal):
![Page 18: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/18.jpg)
Example (contd) -- encryption
04/20/23Lecture 2.2 - Private Key
Cryptography II18
![Page 19: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/19.jpg)
Example (contd) -- decryption
04/20/23Lecture 2.2 - Private Key
Cryptography II19
Let us see how Bob, at the destination, can decipher the Let us see how Bob, at the destination, can decipher the ciphertext received from Alice using the same key. Table 6.16 ciphertext received from Alice using the same key. Table 6.16 shows some interesting points. shows some interesting points.
![Page 20: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/20.jpg)
DES Security: Avalanche Effect
04/20/23Lecture 2.2 - Private Key
Cryptography II20
![Page 21: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/21.jpg)
DES Security
• S-Box design not well understood • Has survived some recent sophisticated
attacks (differential cryptanalysis)• Key is too short. Hence is vulnerable to brute
force attack.• 1998 distributed attack took 3 months.• $1,000,000 machine will crack DES in 35
minutes – 1997 estimate. $10,000 – 2.5 days.
04/20/23Lecture 2.2 - Private Key
Cryptography II21
![Page 22: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/22.jpg)
DES Cracking machine
•
04/20/23Lecture 2.2 - Private Key
Cryptography II22
![Page 23: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/23.jpg)
Super-encryption.
• If key length is a concern, then instead of encrypting once, encrypt twice!!
C = EK2(EK1(P))
P = DK2(DK1(C))
• Does this result in a larger key space?• Encrypting with multiple keys is known as
super-encryption. • May not always be a good idea04/20/23
Lecture 2.2 - Private Key Cryptography II
23
![Page 24: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/24.jpg)
Double DES
• Double DES is almost as easy to break as single DES (Needs more memory though)!
04/20/23Lecture 2.2 - Private Key
Cryptography II24
![Page 25: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/25.jpg)
Double DES – Meet-in-the-middle Attack (due to Diffie-Hellman)
• Based on the observation that, if C = EK2(EK1(P))
ThenX = EK1(P) = DK2(C).
• Given a known (P, C) pair, encrypt P with all possible values of K and store result in table T.
• Next, decrypt C with all possible keys K and check result. If match occurs then check key pair with new known (P, C) pair. If match occurs, you have found the keys. Else continue as before.
• Process will terminate successfully.
04/20/23Lecture 2.2 - Private Key
Cryptography II25
![Page 26: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/26.jpg)
Meet-in-the-middle Explanation
• The first match does not say anything as we have 264 ciphertexts and 2112 keys.
• On the average 2112 / 264 = 248 keys will produce same ciphertext.
• So there could be 248 possible candidates• We can use a second pair (P’,C’)• So, probability that false alarm will survive
two known (P, C) pairs is 248 / 264 = 2-16.• One can always check a third pair to further
reduce the chance of a false alarm.
04/20/23Lecture 2.2 - Private Key
Cryptography II26
![Page 27: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/27.jpg)
Triple DES
27
Triple DES (2 keys) requires 2112 search. Is reasonably secure.
Triple DES (3 keys) requires 2112 as well Which one is better?
![Page 28: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/28.jpg)
Some Questions• Double encryption in DES increases the key space size from
2^56 to 2^112 – true or false?• Is known-plaintext an active or a passive attack?• Is chosen-ciphertext attack an active or a passive attack?• Reverse Engineering is applied to what design of systems –
open or closed?• Alice needs to send a 64-bit long top-secret letter to Bob.
Which of the ciphers that we studied today should she use?
04/20/23Lecture 2.2 - Private Key
Cryptography II28
![Page 29: Lecture 2.2: Private Key Cryptography II](https://reader035.vdocuments.us/reader035/viewer/2022062422/56813bad550346895da4e0ac/html5/thumbnails/29.jpg)
Further Reading
• Chapter 7.4 of HAC • Chapter 3 of Stallings
04/20/23Lecture 2.2 - Private Key
Cryptography II29