symmetric encryption - school of computing and … encryption stallings: ch 3 & 6 stallings: ch...
TRANSCRIPT
CNT-4403: 18.Sept.2011 1
Week 10
Cryptography
Symmetric Encryption
Stallings: Ch 3 & 6
Stallings: Ch 4
CNT-4403: 18.Sept.2011 3
Uses 56-bit keys to encrypt 64 bit blocks
Differential cryptanalysis – O(247) encryptions
Linear cryptanalysis – O(243) encryptions
Multiple Encryption and DES
Can we make DES withstand attacks without changing its structure ?
Yes !
CNT-4403: 18.Sept.2011 4
2 DES with keys K1 and K2: C = EK2(EK1(P))
Double DES
DES Encrypt
P
K1 K2
DES Encrypt
X C
DES Decrypt
K1 K2
DES Decrypt
C X P
CNT-4403: 18.Sept.2011 5
2 DES uses two keys: 56+56=112 bits
Is the strength 256 of DES ?
NO !!!!
Given P and C
Encrypt P for all possible 256 values of K1
Store in table T: pairs (K1, EK1(P))
Decrypt C for all possible 256 values of K2
Search DK2(C) in table T
Success when EK1(P) = DK2(C)
Attack takes O(256) steps – similar to DES
2 DES: Meet-in-the-Middle
CNT-4403: 18.Sept.2011 6
Must use 3 encryptions
But can use 2 keys with E-D-E sequence
C = EK1(DK2(EK1(P)))
If K1=K2 then equivalent with single DES
Standardized in ANSI X9.17 & ISO8732
No current known practical attacks Several proposed impractical attacks might become
basis of future attacks
Triple DES: Two Keys
CNT-4403: 18.Sept.2011 7
Can use Triple-DES with Three-Keys to avoid
even these
C = EK3(DK2(EK1(P)))
Has been adopted by some Internet applications
PGP, S/MIME
Triple DES: Three Keys
CNT-4403: 18.Sept.2011 9
Block ciphers encrypt fixed size blocks
DES encrypts 64-bit blocks with 56-bit key
Need to encrypt and decrypt arbitrary amounts of data in practice
NIST SP 800-38A defines 5 modes Electronic Code Book: ECB
Cipher Block Chaining: CBC
Cipher Feedback: CFB
Output Feedback: OFB
Counter Mode: CTR
Can be used with any block cipher
Modes of Operation
CNT-4403: 18.Sept.2011 10
Split message into blocks of length b (e.g., 64 bits)
Use the same key to encrypt each block
Each block is mapped into a unique value like a codebook
Electronic Code Book (ECB)
DES Encrypt DES Encrypt
C1 Cs
P1 Ps
…
(s blocks)
K K
CNT-4403: 18.Sept.2011 11
Weakness due to independent encryptions Same bit repeated each b positions
Main use is sending a few blocks of data E.g., shared keys
ECB Decryption
C1 Cs
P1 Ps
…
(s blocks)
K K DES Decrypt DES Decrypt
CNT-4403: 18.Sept.2011 12
Use Initial Vector (IV) to start process
Chain current cipher block into next encryption
Cipher Block Chaining (CBC)
DES Encrypt DES Encrypt
C1 C2
P1 P2 …
(s blocks)
K K
IV
C1
CNT-4403: 18.Sept.2011 13
CBC: Decryption
DES Decrypt DES Decrypt
C1 C2
P1 P2
…
(s blocks)
K K
IV
C1
CNT-4403: 18.Sept.2011 14
Padding: Message length may not be divisible by b
End of message must handle a possible last short block
Random padding
May require an extra entire block over those in message
Need Initialization Vector (IV) Must be known to sender & receiver
May be sent encrypted in ECB mode before rest of message
CBC Discussion
CNT-4403: 18.Sept.2011 15
Block modes (ECB,CBC) encrypt entire block
May need to operate on smaller units: Why ?
Real time data
Convert block cipher into stream cipher
Cipher feedback (CFB) mode
Output feedback (OFB) mode
Counter (CTR) mode
Stream Modes of Operation
CNT-4403: 18.Sept.2011 16
Message is treated as a stream of bits
Take s bits at a time; s<b
Cipher Feedback Mode (CFB)
DES Encrypt
…
(so on) K
P1 (s)
C1
s bits Discard
IV (b bits) IV Shift s bits
DES Encrypt
C1
s bits Discard
P2 (s)
C2
K
CNT-4403: 18.Sept.2011 17
More on CFB
Decryption similar …
Appropriate when data arrives in bits/bytes
CNT-4403: 18.Sept.2011 18
b is block size
Counter Mode (CTR)
Encrypt
…
(so on) K
P1 (b)
Counter1
Encrypt
C1
P2 (b)
C2
K
Counter2
Counter2 = Counter1 +1, .., Countern = Countern-1 + 1
CNT-4403: 18.Sept.2011 19
CTR (cont’d)
The initial Counter1 is random
Decryption is identical to encryption
Counter1 must be known
Counters should not be reused
This includes across multiple messages
CNT-4403: 18.Sept.2011 20
CTR Advantages
Hardware/software efficient
Can process blocks in parallel
Preprocessing
Precompute encryptions of counters
Random access
Can encrypt/decrypt any block
CNT-4403: 18.Sept.2011 21
CTR Advantages (cont’d)
Provable security
At least as secure as the other modes
Simplicity
Encryption = Decryption