Introduction to cryptographic algorithms.ppt
Chapter 30
Cryptography
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
30-1 INTRODUCTION
Let us introduce the issues involved in cryptography. First, we need to define some terms; then we give some taxonomies.
Topics discussed in this section:
Definitions
Two Categories
Need for Security
• Some people who cause security problems and why.
• Network security problems can be divided roughly into four closely intertwined areas:
– secrecy,
– authentication,
– non-repudiation, and
– integrity control.
• Secrecy (confidentiality): keeping information out of the hands of unauthorized users.
• Authentication: determining whom you are talking to before revealing sensitive information.
• Non-repudiation: deals with signatures. How would you prove that a customer placed an order if he later denies it?
• Integrity control: finally, how can you be sure that a message you received was really the one sent, and not something that a malicious adversary modified in transit?
• Cryptography comes from the Greek words for “secret writing.” Encryption + Decryption = Cryptography.
• Types:
– Cipher: a character-for-character or bit-for-bit transformation, without regard to the linguistic structure of the message.
– Code: a code replaces one word with another word or symbol.
• Codes were used by the U.S. Armed Forces during World War II in the Pacific against Japan.
• The U.S. broke the Japanese code, but the Japanese never broke the Navajo code (a combination of cipher and code), which played a crucial role in American victories in the Pacific.
• Four groups of people contributed to cryptography: the military, the diplomatic corps, diarists, and lovers.
• The messages to be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key.
• The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio.
• We assume that the enemy, or intruder, hears and accurately copies down the complete ciphertext.
• But he does not know what the decryption key is, and so cannot decrypt the ciphertext easily.
• The intruder therefore has to break the cipher to recover the message.
• The art of breaking ciphers, called cryptanalysis, and the art of devising them (cryptography) are collectively known as cryptology.
• What is the relation between plaintext, ciphertext, and keys? See the next figure.
• We will use C = E_K(P) to mean that the encryption of the plaintext P using key K gives the ciphertext C.
• Similarly, P = D_K(C) represents the decryption of C to get the plaintext again, so D_K(E_K(P)) = P.
• The rule that secrecy lies exclusively in the keys is called Kerckhoffs' principle, named after the Flemish military cryptographer Auguste Kerckhoffs who first stated it in 1883 (Kerckhoffs, 1883).
• Kerckhoffs' principle: all algorithms must be public; only the keys are secret.
• Trying to keep the algorithm secret is known in the trade as security by obscurity.
• The longer the key, the higher the work factor the cryptanalyst has to deal with.
• Newspaper cryptograms could be broken trivially if the cryptanalyst were allowed to ask such questions as: what is the encryption of ABCDEFGHIJKL?
• Encryption methods:
– Substitution ciphers
– Transposition ciphers
Figure 30.1 Cryptography components (figure labels: Sender, Receiver, Plaintext, Ciphertext, Encryption, Decryption)
Figure 30.2 Categories of cryptography
Figure 30.3 Symmetric-key cryptography
Note: In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.
Figure 30.4 Asymmetric-key cryptography
Figure 30.5 Keys used in cryptography
Figure 30.6 Comparison between two categories of cryptography
30-2 SYMMETRIC-KEY CRYPTOGRAPHY
Symmetric-key cryptography started thousands of years ago when people needed to exchange secrets (for example, in a war). We still mainly use symmetric-key cryptography in our network security.
Topics discussed in this section:
Traditional Ciphers
Simple Modern Ciphers
Modern Round Ciphers
Mode of Operation
Figure 30.7 Traditional ciphers
Encryption Model
• The encryption model (for a symmetric-key cipher).
Substitution Cipher
• In a substitution cipher each letter or group of letters is replaced by another letter or group of letters to disguise it.
• Caesar cipher:
– One of the oldest known ciphers is the Caesar cipher, attributed to Julius Caesar.
– In this method, a becomes D, b becomes E, c becomes F, ..., and z becomes C.
– For example, ‘attack’ becomes ‘DWWDFN’.
– Plaintext will be given in lower-case letters, and ciphertext in upper-case letters.
– The Caesar cipher allows the ciphertext alphabet to be shifted by k letters, instead of always 3.
– In this case k becomes the key to the general method of circularly shifted alphabets.
– Disadvantage: it cannot fool anyone for long. The ciphertext is easy to convert back to plaintext because the key is predictable.
Note: A substitution cipher replaces one symbol with another.
Example 30.1
The following shows a plaintext and its corresponding ciphertext. Is the cipher monoalphabetic? Key = +3
Solution
The cipher is probably monoalphabetic, because both occurrences of L are encrypted as O.
• Monoalphabetic substitution:
– The next improvement is to have each of the symbols in the plaintext, say, the 26 letters for simplicity, map onto some other letter.
– For example,
plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
– The general system of symbol-for-symbol substitution is called a monoalphabetic substitution, the key being the 26-letter string corresponding to the full alphabet.
– ‘attack’ would be transformed into the ciphertext ‘QZZQEA’.
– 26! ≈ 4 × 10^26 possible keys can be used.
– Even at 1 nsec per solution, a computer would take 10^10 years to try all the keys.
– Disadvantage:
– How does one carry a 26-letter key? On a CD? Written down? Either way it is risky.
– Prediction is possible: the key can be guessed from letter statistics.
– e is the most common letter, followed by t, o, a, n, i, etc.
– The most common two-letter combinations, or digrams, are th, in, er, re, and an.
– The most common three-letter combinations, or trigrams, are the, ing, and, and ion.
– Conclusion? If ‘thYt’ stands for ‘that’, then ‘a’ is encoded as ‘Y’. Substituting ‘a’ for ‘Y’ would then let the cryptanalyst guess many digrams and trigrams, for example that ‘aWZ’ stands for ‘and’. With enough effort, the cryptanalyst can recover the key.
Example 30.2
The following shows a plaintext and its corresponding ciphertext. Is the cipher monoalphabetic?
Solution
The cipher is not monoalphabetic, because each occurrence of L is encrypted by a different character. The first L is encrypted as N; the second as Z.
Note: The shift cipher is sometimes referred to as the Caesar cipher.
Example 30.3
Use the shift cipher with key = 15 to encrypt the message “HELLO.”
Solution
We encrypt one character at a time. Each character is shifted 15 characters down. Letter H is encrypted to W. Letter E is encrypted to T. The first L is encrypted to A. The second L is also encrypted to A. And O is encrypted to D. The ciphertext is WTAAD.
Example 30.4
Use the shift cipher with key = 15 to decrypt the message “WTAAD.”
Solution
We decrypt one character at a time. Each character is shifted 15 characters up. Letter W is decrypted to H. Letter T is decrypted to E. The first A is decrypted to L. The second A is decrypted to L. And, finally, D is decrypted to O. The plaintext is HELLO.
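The shift cipher of Examples 30.3 and 30.4, the general monoalphabetic substitution with the QWERTY... key alphabet, and the frequency-analysis idea from the slides above, written out as an added example (this code is not from the slides or the textbook). The key alphabet and the sample words are the slides' own; the function names and the sample sentence used for the frequency count are my additions.

```python
import string
from collections import Counter

ALPHABET = string.ascii_lowercase


def shift_key(k: int) -> str:
    """Build the 26-letter substitution key for a shift (Caesar) cipher with shift k.
    k = 3 gives the classic Caesar key DEFG...ABC."""
    k %= 26
    return ALPHABET[k:] + ALPHABET[:k]


def substitute(text: str, key: str) -> str:
    """Monoalphabetic substitution: plaintext in lower case, ciphertext in UPPER case.
    key is a 26-letter string giving the ciphertext letter for a, b, c, ... z.
    Non-letters (spaces, punctuation) pass through unchanged."""
    table = {p: c.upper() for p, c in zip(ALPHABET, key.lower())}
    return "".join(table.get(ch, ch) for ch in text.lower())


def unsubstitute(text: str, key: str) -> str:
    """Invert substitute(): ciphertext in UPPER case, plaintext in lower case."""
    table = {c.upper(): p for p, c in zip(ALPHABET, key.lower())}
    return "".join(table.get(ch, ch) for ch in text.upper())


def shift_encrypt(text: str, k: int) -> str:
    return substitute(text, shift_key(k))


def shift_decrypt(text: str, k: int) -> str:
    return unsubstitute(text, shift_key(k))


def brute_force_shift(ciphertext: str) -> dict:
    """All 26 candidate plaintexts of a shift cipher. The key space is so small
    that a cryptanalyst simply lists every candidate and picks the readable one,
    which is the 'predictable key' weakness the slides point out."""
    return {k: shift_decrypt(ciphertext, k) for k in range(26)}


def letter_frequencies(ciphertext: str) -> list:
    """Ciphertext letters ranked by frequency, most common first. A monoalphabetic
    substitution maps each plaintext letter consistently, so the most frequent
    ciphertext letter most likely stands for 'e' (then t, o, a, n, i, ...)."""
    counts = Counter(ch for ch in ciphertext.upper() if ch.isalpha())
    return [letter for letter, _ in counts.most_common()]


if __name__ == "__main__":
    qwerty_key = "QWERTYUIOPASDFGHJKLZXCVBNM"   # the slides' example key
    print(shift_encrypt("attack", 3))            # DWWDFN
    print(substitute("attack", qwerty_key))      # QZZQEA
    print(brute_force_shift("WTAAD")[15])        # hello
```

The frequency ranking is the starting point of the attack the slides sketch: once the most frequent ciphertext letter is guessed to be 'e', the common digrams and trigrams pin down further letters of the key.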
Note: A transposition cipher reorders (permutes) symbols in a block of symbols.
Transposition Ciphers
• A transposition cipher.
• Transposition ciphers reorder the letters but do not disguise them.
• The cipher is keyed by a word or phrase not containing any repeated letters.
• In this example, MEGABUCK is the key.
• The purpose of the key is to number the columns.
• Plaintext is written horizontally, in rows, padded to fill the matrix if need be.
• The ciphertext is read out by columns, starting with the column whose key letter is the lowest.
• Every letter represents itself, keeping the frequency distribution intact.
• How does a cryptanalyst break the cipher?
– Suppose ‘million dollars’ occurs somewhere in the message.
– Adjacent columns then produce the digrams MO, IL, LL, LA, IR (wrapping around).
– For k columns, k(k-1) column pairs can be examined.
• Advantage: it is tough to determine the column sequence.
Figure 30.8 Transposition cipher
Example 30.5
Encrypt the message “HELLO MY DEAR,” using the key shown in Figure 30.8.
Solution
We first remove the spaces in the message. We then divide the text into blocks of four characters. We add a bogus character Z at the end of the third block. The result is HELL OMYD EARZ. We create a three-block ciphertext ELHLMDOYAZER.
Example 30.6
Using Example 30.5, decrypt the message “ELHLMDOYAZER”.
Solution
The result is HELL OMYD EARZ. After removing the bogus character and combining the characters, we get the original message “HELLO MY DEAR.”
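Both transposition variants described above, as an added example that is not part of the slides: the MEGABUCK-style columnar transposition (columns numbered by the alphabetical rank of the key letters and read out lowest first) and the per-block permutation of Figure 30.8. The figure's key is not reproduced on this page, but Example 30.5 (HELL → ELHL, OMYD → MDOY, EARZ → AZER) fixes it as the permutation (2, 4, 1, 3). The padding characters and function names are my assumptions.

```python
def column_order(keyword: str) -> list:
    """Number the columns by the alphabetical rank of the key letters and return
    the 0-based column indices in read-out order. For MEGABUCK the ranks are
    A=1, B=2, C=3, E=4, G=5, K=6, M=7, U=8, so the order is [3, 4, 6, 1, 2, 7, 0, 5].
    The slides require a keyword without repeated letters, so we reject them."""
    if len(set(keyword)) != len(keyword):
        raise ValueError("transposition keyword must not repeat letters")
    return sorted(range(len(keyword)), key=lambda i: keyword[i])


def columnar_encrypt(plaintext: str, keyword: str, pad: str = "x") -> str:
    """Write the plaintext in rows of len(keyword) columns (padding the last row),
    then read the columns out in key order."""
    cols = len(keyword)
    text = plaintext.replace(" ", "")
    if len(text) % cols:
        text += pad * (cols - len(text) % cols)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in column_order(keyword) for row in rows)


def columnar_decrypt(ciphertext: str, keyword: str) -> str:
    """Refill the grid column by column in key order, then read it row by row."""
    cols = len(keyword)
    nrows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for c in column_order(keyword):
        for r in range(nrows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def block_permute(text: str, perm: tuple, pad: str = "Z") -> str:
    """Forouzan-style transposition (Figure 30.8): split into blocks of len(perm)
    and reorder each block. perm[i] is the 1-based plaintext position that goes
    to ciphertext position i; (2, 4, 1, 3) turns HELL into ELHL."""
    size = len(perm)
    text = text.replace(" ", "").upper()
    if len(text) % size:
        text += pad * (size - len(text) % size)   # the 'bogus character' of Example 30.5
    out = []
    for i in range(0, len(text), size):
        block = text[i:i + size]
        out.append("".join(block[p - 1] for p in perm))
    return "".join(out)


def block_unpermute(text: str, perm: tuple) -> str:
    """Decryption applies the inverse permutation block by block."""
    inverse = [0] * len(perm)
    for cipher_pos, plain_pos in enumerate(perm):
        inverse[plain_pos - 1] = cipher_pos + 1
    return block_permute(text, tuple(inverse))


if __name__ == "__main__":
    print(block_permute("HELLO MY DEAR", (2, 4, 1, 3)))      # ELHLMDOYAZER
    print(block_unpermute("ELHLMDOYAZER", (2, 4, 1, 3)))   # HELLOMYDEARZ
    print(columnar_encrypt("attack at dawn", "MEGABUCK"))
```

Because every letter represents itself, sorting a ciphertext gives exactly the sorted plaintext; that unchanged frequency distribution is what tells a cryptanalyst a transposition, not a substitution, was used.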
Figure 30.9 XOR cipher
Figure 30.10 Rotation cipher
Figure 30.11 S-box
Figure 30.12 P-boxes: straight, expansion, and compression
Product Ciphers
• Basic elements of product ciphers: (a) P-box, (b) S-box, (c) product.
• S-box:
– A 3-bit plaintext is entered and a 3-bit ciphertext is output.
– The 3-bit input selects one of the eight lines exiting from the first stage and sets it to 1.
– The second stage is a P-box.
– The third stage encodes the selected input line in binary again.
– If 01234567 is input, the output would be 24506713.
• Product cipher:
– A powerful tool in which P-boxes and S-boxes are cascaded into a whole series of boxes, forming a product cipher.
– With 12 input lines in the P-box, 2^12 = 4096 crossed wires would be needed in the middle stage.
– Instead the input is broken into 3-bit groups, each substituted independently.
– A k-bit input produces a k-bit output, where k is 64 to 256.
– The result is less general but more powerful: the cascade becomes a complicated function.
Feistel Cipher Structure
• Virtually all conventional block encryption algorithms, including DES, have a structure first described by Horst Feistel of IBM in 1973.
• Hence, Feistel is called the father of cryptography.
• The realization of a Feistel network depends on the choice of the following parameters and design features (see next slide):
Feistel Cipher Structure
• Block size: larger block sizes mean greater security.
• Key size: a larger key size means greater security.
• Number of rounds: multiple rounds offer increasing security.
• Subkey generation algorithm: greater complexity will lead to greater difficulty of cryptanalysis.
• Round function: greater complexity means greater resistance to cryptanalysis.
• Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern.
• Ease of analysis: it should be difficult to analyse the ciphertext, and conversion of ciphertext to plaintext without the key must be impossible.
Data Encryption Standard (DES)
• The most widely used encryption scheme.
• Adopted by NIST (National Institute of Standards & Technology) as FIPS PUB 46 (Federal Information Processing Standards).
• The algorithm itself is referred to as the Data Encryption Algorithm (DEA).
• DES is a block cipher.
• It is a minor variation of the Feistel structure.
• It has 16 rounds of processing.
• The plaintext is processed in 64-bit blocks.
• The key is 56 bits in length, from which 16 subkeys are derived, one for each round.
• Decryption:
– Use the ciphertext as input to DES.
– Use the subkeys K_i in reverse order, i.e. K16, K15, ..., K2, K1.
Figure 30.13 DES
Figure 30.14 One round in DES ciphers
• DES (Data Encryption Standard) was widely adopted by the industry for use in security products.
• DES procedure: enciphering a 64-bit data block with a 56-bit key.
– Step 1: An initial transposition (permutation).
– Step 2: Iterations 1 to 16: rounds of a complex key-dependent calculation.
– Step 3: Second-last stage: a 32-bit exchange of the leftmost 32 bits with the rightmost 32 bits.
– Step 4: Last stage: a final transposition, obtained by just reversing the initial transposition.
• Output: 64-bit ciphertext.
• Procedure for iterations 1 to 16:
– Each stage takes two 32-bit inputs and produces two 32-bit outputs.
– Each of the 16 iterations uses a different key.
– The left output is simply a copy of the right input.
– The right output is the bitwise XOR of the left input and a function of the right input and the key for this stage, K_i.
– All the complexity lies in this function.
• Whitening:
– A technique used to make DES stronger.
– XOR a random 64-bit key with each plaintext block before feeding it into DES.
– Then XOR a second 64-bit key with the resulting ciphertext before transmitting it.
– It can be removed easily by running the reverse operation.
– It adds more bits to the key length.
– Time consuming.
• In 1977, Stanford cryptography researchers Diffie and Hellman designed a machine that breaks DES within 1 day.
• With a key length of 56 bits, there are 2^56 ≈ 7.2 × 10^16 possible keys.
• Here, a brute-force attack appears impractical. How?
• Trying one key per microsecond would take more than 10 thousand years to break the cipher.
• So, is DES secure? Yes or no?
• DES was finally and definitively proved insecure in July 1998, when the Electronic Frontier Foundation (EFF98) announced that it had broken a DES encryption using a special-purpose “DES Cracker” machine that was built for less than $250,000.
• The attack took less than 3 days to break the cipher.
• Problem? Solution?
• A 128-bit key is guaranteed to result in an algorithm that is unbreakable by brute force, or by EFF98.
• A 128-bit key would take over 10^18 years to break using the EFF cracker.
Figure 30.16 Triple DES
Triple DES
• (a) Triple encryption using DES. (b) Decryption.
• IBM realized that the DES key length was too short and developed triple DES.
• Here: 2 keys, 3 stages.
• Procedure:
– Step 1: the plaintext is encrypted using DES in the usual way with K1.
– Step 2: DES is run in decryption mode, using K2 as the key.
– Step 3: Finally, another DES encryption is done with K1.
• Why are 2 keys used instead of 3?
– Another key would just add overhead for little benefit. So 2 keys are enough.
• Why EDE instead of EEE?
– Backward compatibility with single DES encryption/decryption: just set K1 = K2.
• Advantages / attraction:
– 168-bit key length, which overcomes the vulnerability to brute-force attack.
– Same algorithm procedure as DES.
– Very resistant to cryptanalysis.
• Disadvantages:
– The algorithm is relatively sluggish in software and does not produce efficient software code.
– Slower, due to 3 times more rounds than DES.
– Both DES and 3DES use a 64-bit block size; a larger block size is desirable for efficiency and security.
• Solution? AES.
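An added toy implementation, not from the slides, that ties together three passages above: the S-box/P-box product cipher, the Feistel round (left output = right input, right output = left input XOR f(right input, K_i)) with decryption by reversed subkeys, and the two-key EDE construction of triple DES including the K1 = K2 backward-compatibility property. It uses the slides' own 3-bit S-box (01234567 → 24506713) on 24-bit blocks; the 12-bit P-box, the 4-round key schedule and the block size are constructed for illustration and have no relation to the real DES tables.

```python
# 3-bit S-box from the slides: input 0..7 -> output 2,4,5,0,6,7,1,3
SBOX = [2, 4, 5, 0, 6, 7, 1, 3]
INV_SBOX = [SBOX.index(i) for i in range(8)]

# 12-bit P-box: bit i moves to position PBOX[i] (constructed for this example)
PBOX = [3, 0, 7, 11, 1, 8, 4, 10, 2, 5, 9, 6]
INV_PBOX = [PBOX.index(i) for i in range(12)]


def pbox(x: int, table: list) -> int:
    """Permute the 12 bits of x: bit i of the input becomes bit table[i] of the output."""
    out = 0
    for i, dst in enumerate(table):
        if (x >> i) & 1:
            out |= 1 << dst
    return out


def sbox_layer(x: int, table: list) -> int:
    """Split a 12-bit word into four 3-bit groups and substitute each one
    independently (the slides' alternative to a 4096-wire P-box)."""
    out = 0
    for g in range(4):
        out |= table[(x >> (3 * g)) & 7] << (3 * g)
    return out


def round_function(right: int, subkey: int) -> int:
    """f(R, K_i): key mixing, then S-boxes, then a P-box. This is the 'product'
    of substitution and permutation; it does NOT have to be invertible."""
    return pbox(sbox_layer(right ^ subkey, SBOX), PBOX)


def schedule(key: int, rounds: int = 4) -> list:
    """Toy key schedule: subkey i is the 12-bit key rotated left by 3*i bits."""
    return [((key << (3 * r)) | (key >> (12 - 3 * r))) & 0xFFF for r in range(rounds)]


def feistel_encrypt(block: int, subkeys: list) -> int:
    """24-bit Feistel network. Each round: L' = R, R' = L XOR f(R, K_i).
    The final swap mirrors the 'second last' 32-bit exchange of DES."""
    left, right = block >> 12, block & 0xFFF
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << 12) | left


def feistel_decrypt(block: int, subkeys: list) -> int:
    """Decryption is the same network run with the subkeys in reverse order
    (K_n ... K_1), exactly as the DES slides describe."""
    return feistel_encrypt(block, list(reversed(subkeys)))


def ede_encrypt(block: int, k1: int, k2: int) -> int:
    """Two-key triple encryption, E_K1(D_K2(E_K1(P))). With K1 == K2 the middle
    decryption cancels the first encryption, leaving single encryption."""
    s1, s2 = schedule(k1), schedule(k2)
    return feistel_encrypt(feistel_decrypt(feistel_encrypt(block, s1), s2), s1)


def ede_decrypt(block: int, k1: int, k2: int) -> int:
    """Inverse of ede_encrypt: D_K1(E_K2(D_K1(C)))."""
    s1, s2 = schedule(k1), schedule(k2)
    return feistel_decrypt(feistel_encrypt(feistel_decrypt(block, s1), s2), s1)


if __name__ == "__main__":
    ks = schedule(0x9C4)
    c = feistel_encrypt(0x123456, ks)
    print(hex(c), hex(feistel_decrypt(c, ks)))   # second value is 0x123456
```

The point worth noticing is that nothing in round_function is inverted anywhere: the Feistel structure alone guarantees decryption, which is why DES can use non-invertible S-box/P-box combinations in f.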
AES – The Advanced Encryption Standard
• DES began approaching the end of its useful life, even with triple DES.
• NIST (National Institute of Standards and Technology), the agency of the U.S. Dept. of Commerce charged with approving standards for the U.S. Federal Government, decided that the government needed a new cryptographic standard for unclassified use, as there were problems with DES as a standard.
• They held a conference that set the following rules for candidate cryptographic algorithms:
• Rules for AES proposals:
1. The algorithm must be a symmetric block cipher.
2. The full design must be public.
3. Key lengths of 128, 192, and 256 bits must be supported.
4. Both software and hardware implementations are required.
5. The algorithm must be public or licensed on nondiscriminatory terms.
• Out of 16 proposals, 5 were short-listed and 1 was awarded as the best algorithm provided so far.
• Name: Rijndael (from Joan Daemen and Vincent Rijmen; 86 votes).
• Let us see it in detail.
Table 30.1 AES configuration
Note: AES has three different configurations with respect to the number of rounds and key size.
Figure 30.17 AES
Figure 30.18 Structure of each round
• Step 1 does a byte-for-byte substitution on the state. Each byte in turn is used as an index into an S-box to replace its value by the contents of that S-box entry. This step is a straight monoalphabetic substitution cipher. Unlike DES, which has multiple S-boxes, Rijndael has only one S-box.
• Step 2 rotates each of the four rows to the left. Row 0 is rotated 0 bytes (i.e., not changed), row 1 is rotated 1 byte, row 2 is rotated 2 bytes, and row 3 is rotated 3 bytes. This step diffuses the contents of the current data around the block, analogous to the permutations.
• Step 3 mixes up each column independently of the other ones. The mixing is done using matrix multiplication in which the new column is the product of the old column and a constant matrix, with the multiplication done in the finite (Galois) field GF(2^8).
• Step 4 XORs the key for this round into the state array.
• Decryption?
– Decryption can be done just by running the algorithm backward.
– However, there is also a trick available in which decryption can be done by running the encryption algorithm, using different tables.
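The four round steps just described, as an added example (not from the slides and not the Rijndael reference code). The single S-box is computed from its definition (multiplicative inverse in GF(2^8) followed by an affine map) rather than copied as a 256-entry table, and the column mixing is carried out with real GF(2^8) arithmetic under the AES polynomial x^8 + x^4 + x^3 + x + 1. The inverse column mixing is included because it is the "different tables" decryption needs. The state layout state[row][col] and the function names are my choices; the key schedule and the full 10/12/14-round cipher are not covered.

```python
def xtime(a: int) -> int:
    """Multiply a byte by x (i.e. by 0x02) in GF(2^8), reducing by 0x11B."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) by shift-and-add."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (a^255 = 1 for every nonzero a); 0 -> 0."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def sbox(byte: int) -> int:
    """The AES S-box from its definition: GF(2^8) inverse, then the affine map
    b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    b = gf_inv(byte)
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63


# The state is a 4x4 matrix of bytes, state[row][col].
def sub_bytes(state: list) -> list:
    """Step 1: byte-for-byte substitution through the single S-box."""
    return [[sbox(b) for b in row] for row in state]


def shift_rows(state: list) -> list:
    """Step 2: row r is rotated left by r bytes."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def mix_column(col: list) -> list:
    """Step 3 for one column: multiply by the constant circulant matrix (2 3 1 1)."""
    a0, a1, a2, a3 = col
    return [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
            a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
            a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
            gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]


def inv_mix_column(col: list) -> list:
    """Inverse of mix_column: multiply by the inverse matrix (14 11 13 9)."""
    a0, a1, a2, a3 = col
    return [gf_mul(a0, 14) ^ gf_mul(a1, 11) ^ gf_mul(a2, 13) ^ gf_mul(a3, 9),
            gf_mul(a0, 9) ^ gf_mul(a1, 14) ^ gf_mul(a2, 11) ^ gf_mul(a3, 13),
            gf_mul(a0, 13) ^ gf_mul(a1, 9) ^ gf_mul(a2, 14) ^ gf_mul(a3, 11),
            gf_mul(a0, 11) ^ gf_mul(a1, 13) ^ gf_mul(a2, 9) ^ gf_mul(a3, 14)]


def mix_columns(state: list, mixer=mix_column) -> list:
    """Apply mixer to each of the four columns independently."""
    cols = [mixer([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def add_round_key(state: list, round_key: list) -> list:
    """Step 4: XOR the round key (same 4x4 layout) into the state."""
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, round_key)]


def aes_round(state: list, round_key: list) -> list:
    """One full AES round: SubBytes, ShiftRows, MixColumns, AddRoundKey."""
    return add_round_key(mix_columns(shift_rows(sub_bytes(state))), round_key)
```

Two values that can be checked against the FIPS-197 text: gf_mul(0x57, 0x83) is 0xC1 and sbox(0x53) is 0xED; the MixColumns test column db 13 53 45 → 8e 4d a1 bc is the standard published test vector.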
• Advantages:
– Great speed.
– Great security.
– A good software implementation on a 2 GHz machine achieves a 700 Mbps encryption rate and can encrypt over 100 MPEG-2 videos in real time.
– Hardware implementations are faster still.
Figure 30.19 Modes of operation for block ciphers
Figure 30.20 ECB mode
Electronic Code Book Mode
• Step 1: Break the plaintext up into consecutive 8-byte (64-bit) blocks.
• Step 2: Encrypt them one after another with the same key.
• Step 3: The last piece of plaintext is padded out to 64 bits, if need be.
• Also called ECB mode.
• An intruder can exploit this by making a copy of the 12th ciphertext block (which contains Kim's bonus) and using it to replace the 4th ciphertext block (which contains Leslie's bonus), even without knowing what the 12th block says.
Cipher Block Chaining Mode
• Cipher block chaining. (a) Encryption. (b) Decryption.
• Overcomes the disadvantage of ECB mode.
• Each plaintext block is XORed with the previous ciphertext block before being encrypted.
• Step 1: The first block is XORed with a randomly chosen IV (initialization vector), which is transmitted (in plaintext) along with the ciphertext: C0 = E(P0 XOR IV).
• Step 2: Then we compute C1 = E(P1 XOR C0), and so on.
• Decryption? Also uses XOR to reverse the process, with P0 = IV XOR D(C0), and so on.
• Advantage: the same plaintext block will not result in the same ciphertext block, making cryptanalysis more difficult.
• Disadvantage: one has to wait until an entire 64-bit block has arrived before decryption can begin.
Figure 30.21 CBC mode
Cipher Feedback Mode
• (a) Encryption. (b) Decryption.
• Overcomes the disadvantage of cipher block chaining mode.
• With triple DES, a 128-bit shift register is used.
• Step 1: The leftmost byte of that ciphertext (the encrypted shift register) is extracted and XORed with P10.
• Step 2: That byte is transmitted on the transmission line.
• Step 3: In addition, the shift register is shifted left 8 bits, causing C2 to fall off the left end, and C10 is inserted in the position just vacated at the right end by C9.
• Need: an initialization vector to start the ball rolling.
• Decryption? Decryption with cipher feedback mode just does the same thing as encryption (not decryption).
• Disadvantage? A one-bit transmission error propagates: if one bit of the ciphertext is accidentally inverted during transmission, the 8 bytes that are decrypted while the bad byte is in the shift register will be corrupted.
Figure 30.22 CFB mode
Stream Cipher Mode / OFB
• A stream cipher. (a) Encryption. (b) Decryption.
• Overcomes the disadvantage of the 1-bit error propagation.
• Step 1: It works by encrypting an initialization vector, using a key, to get an output block.
• Step 2: The output block is then encrypted, using the key, to get a second output block.
• Step 3: This block is then encrypted to get a third block, and so on.
• Step 4: The (arbitrarily large) sequence of output blocks, called the key stream, is treated like a one-time pad and XORed with the plaintext to get the ciphertext.
• Note:
– The IV is used only on the first step.
– The key stream is independent of the data, so it can be computed in advance, if need be.
– It is completely insensitive to transmission errors.
• Decryption? Decryption occurs by generating the same key stream at the receiving side.
• Disadvantages:
– Never use the same (key, IV) pair twice; otherwise the key stream is reused, which enables a key-stream reuse attack.
– Random access to a block requires generating all the key stream blocks ahead of it, an expensive proposition.
Figure 30.23 OFB mode
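ECB, CBC and OFB written exactly as the three slides above describe them, as an added example that is not part of the slides. The 64-bit block cipher underneath is a deliberately simple stand-in constructed for this example so the code runs offline; it is not secure and is not DES, but the mode functions would work unchanged over DES or any other 64-bit block cipher. The example also contains the checks a defender cares about: repeated ciphertext blocks under ECB (the Kim/Leslie bonus swap), single-block-plus-one-bit error propagation under CBC, and the plaintext leak that follows from reusing a (key, IV) pair in OFB.

```python
BLOCK = 8                      # 64-bit blocks, as in DES
MASK64 = (1 << 64) - 1
_CONST = 0x9E3779B97F4A7C15    # additive constant of the toy cipher


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit block cipher: 4 rounds of XOR / rotate / add.
    Constructed for this example only; NOT secure. Any real E_K fits this slot."""
    v, k = int.from_bytes(block, "big"), int.from_bytes(key, "big")
    for r in range(4):
        v ^= (k + r) & MASK64
        v = ((v << 13) | (v >> 51)) & MASK64
        v = (v + _CONST) & MASK64
    return v.to_bytes(BLOCK, "big")


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    """Exact inverse of toy_block_encrypt (rounds undone in reverse order)."""
    v, k = int.from_bytes(block, "big"), int.from_bytes(key, "big")
    for r in reversed(range(4)):
        v = (v - _CONST) & MASK64
        v = ((v >> 13) | (v << 51)) & MASK64
        v ^= (k + r) & MASK64
    return v.to_bytes(BLOCK, "big")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    """Split into 64-bit blocks; the last block is padded out with zero bytes."""
    if len(data) % BLOCK:
        data += b"\x00" * (BLOCK - len(data) % BLOCK)
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    """ECB: every block encrypted independently with the same key."""
    return b"".join(toy_block_encrypt(key, p) for p in blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(toy_block_decrypt(key, c) for c in blocks(ct))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """CBC: C_i = E(P_i XOR C_{i-1}) with C_{-1} = IV."""
    out, prev = [], iv
    for p in blocks(pt):
        prev = toy_block_encrypt(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    """CBC: P_i = D(C_i) XOR C_{i-1}."""
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(toy_block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """OFB: key stream O_i = E(O_{i-1}), O_0 = IV; output = data XOR key stream.
    The same call encrypts and decrypts; the key stream never depends on the data."""
    out, o = [], iv
    for chunk in blocks(data):
        o = toy_block_encrypt(key, o)
        out.append(xor(chunk, o))
    return b"".join(out)


def repeated_blocks(ct: bytes) -> list:
    """(first, later) index pairs of identical ciphertext blocks. Under ECB these
    reveal identical plaintext blocks and can be cut and pasted without the key."""
    seen, dup = {}, []
    for i, c in enumerate(blocks(ct)):
        if c in seen:
            dup.append((seen[c], i))
        else:
            seen[c] = i
    return dup


if __name__ == "__main__":
    key, iv = b"k" * 8, b"\x01" * 8          # constructed sample key and IV
    ct = ecb_encrypt(key, b"Kim 9000Les 0010")
    print(ecb_decrypt(key, ct[8:] + ct[:8]))  # blocks swapped: b'Les 0010Kim 9000'
    print(repeated_blocks(ecb_encrypt(key, b"BONUS:1KBONUS:1K")))   # [(0, 1)]
```

The CBC check in the test below flips one bit of C0 and shows the textbook result: P0 is garbled entirely, P1 differs in exactly the flipped bit, and every later block is intact; the same flip under OFB touches only that one plaintext bit. The last check shows why a (key, IV) pair must never be reused in OFB: XOR of the two ciphertexts equals XOR of the two plaintexts, with the key stream cancelled out.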
30-3 ASYMMETRIC-KEY CRYPTOGRAPHY
An asymmetric-key (or public-key) cipher uses two keys: one private and one public. We discuss two algorithms: RSA and Diffie-Hellman.
Topics discussed in this section:
RSA
Diffie-Hellman
PUBLIC KEY ALGORITHM: RSA
• RSA – Rivest, Shamir, Adleman.
• Used for all of encryption, authentication and digital signing.
• Has long keys, e.g. 1024 bits, which makes it secure.
• Key advantage: its security rests on the difficulty of factoring large integers.
• General algorithm:
1. Generate two large random prime numbers, p and q, of roughly equal size.
2. Compute n = pq and φ = (p-1)(q-1).
3. Choose an integer e such that 1 < e < φ and gcd(e, φ) = 1.
4. Compute the secret exponent d, 1 < d < φ, such that ed ≡ 1 (mod φ).
5. The public key is (n, e) and the private key is (n, d). Keep p, q and φ secret.
• Note:
– n is the modulus.
– e and d are the encryption and decryption exponents respectively; d is private.
– p, q and φ are secret.
RSA
• An example of the RSA algorithm.
Figure 30.24 RSA
Key generation steps:
1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq = 17 × 11 = 187.
3. Calculate φ(n) = (p-1)(q-1) = 16 × 10 = 160.
4. Select e such that e is relatively prime to φ(n) = 160 and less than φ(n); we choose e = 7.
5. Determine d such that de mod 160 = 1 and d < 160. The correct value is d = 23, because 23 × 7 = 161 = 160 + 1.
• The resulting public key is {7, 187} and the private key is {23, 187}.
Example:
• Keys for a plaintext input of M = 88.
• Encryption: calculate C = 88^7 mod 187.
88^7 mod 187 = [(88^4 mod 187) × (88^2 mod 187) × (88^1 mod 187)] mod 187
88^1 mod 187 = 88
88^2 mod 187 = 7744 mod 187 = 77
88^4 mod 187 = 59,969,536 mod 187 = 132
88^7 mod 187 = (88 × 77 × 132) mod 187 = 894,432 mod 187 = 11
Example of RSA Algorithm
• Decryption: M = 11^23 mod 187.
11^23 mod 187 = [(11^1 mod 187) × (11^2 mod 187) × (11^4 mod 187) × (11^8 mod 187) × (11^8 mod 187)] mod 187
11^1 mod 187 = 11
11^2 mod 187 = 121
11^4 mod 187 = 14,641 mod 187 = 55
11^8 mod 187 = 214,358,881 mod 187 = 33
11^23 mod 187 = (11 × 121 × 55 × 33 × 33) mod 187 = 79,720,245 mod 187 = 88
• Limitations of RSA:
– To defeat the RSA algorithm one could use a brute-force approach, i.e. try all possible private keys.
– The larger the number of bits in e and d, the more secure the algorithm.
– Because the calculations involved (both in key generation and in encryption/decryption) are complex, the larger the size of the key, the slower the system will run.
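The RSA key generation steps and the p = 17, q = 11, e = 7, M = 88 example worked above, as added example code (not from the slides). The numbers are the slides' own; the extended-Euclid inverse and the square-and-multiply helper that records the intermediate powers (88^1, 88^2, 88^4) so the hand calculation can be checked are my additions.

```python
from math import gcd


def egcd(a: int, b: int) -> tuple:
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    """Inverse of a modulo m; this is how step 4 (ed = 1 mod phi) is solved."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return x % m


def rsa_keygen(p: int, q: int, e: int) -> tuple:
    """Steps 1-5 of the slides with the primes supplied by the caller:
    n = pq, phi = (p-1)(q-1), require gcd(e, phi) = 1, d = e^-1 mod phi.
    Returns ((n, e), (n, d)); p and q must be distinct primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    return (n, e), (n, modinv(e, phi))


def rsa_encrypt(public: tuple, m: int) -> int:
    """C = M^e mod n. The message must be an integer below the modulus."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must lie in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private: tuple, c: int) -> int:
    """M = C^d mod n."""
    n, d = private
    return pow(c, d, n)


def pow_mod_by_squaring(base: int, exp: int, mod: int) -> tuple:
    """Square-and-multiply, the hand calculation of the slides
    (88^7 = 88^4 * 88^2 * 88^1 mod 187). Returns (result, partials) where
    partials[2^i] = base^(2^i) mod mod for every power that was computed."""
    result, partials = 1, {}
    b, bit = base % mod, 1
    while exp:
        partials[bit] = b
        if exp & 1:
            result = (result * b) % mod
        b = (b * b) % mod
        exp >>= 1
        bit <<= 1
    return result, partials


if __name__ == "__main__":
    public, private = rsa_keygen(17, 11, 7)
    c = rsa_encrypt(public, 88)
    print(public, private, c, rsa_decrypt(private, c))   # (187, 7) (187, 23) 11 88
    print(pow_mod_by_squaring(88, 7, 187))               # (11, {1: 88, 2: 77, 4: 132})
```

The keygen check on gcd(e, φ) is the one step people skip in toy code; without it modinv raises, which is the right outcome, since an e that shares a factor with φ has no decryption exponent at all.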
Diffie-Hellman
• The first published public-key algorithm.
• Purpose: exchange a secret key securely. (This is also its limitation.)
• The algorithm depends for its effectiveness on the difficulty of computing discrete logarithms.
• There are two publicly known numbers:
– a prime number q, and
– an integer α (alpha) that is a primitive root of q.
• Suppose the users A and B wish to exchange a key.
• User A selects a random integer XA < q and computes YA = α^XA mod q.
• B independently selects a random integer XB < q and computes YB = α^XB mod q.
• Each side keeps the X value private and makes the Y value available publicly to the other side.
• User A computes the key as K = (YB)^XA mod q.
• And user B computes the key as K = (YA)^XB mod q.
• The two calculations produce identical results:
K = (YB)^XA mod q
  = (α^XB mod q)^XA mod q
  = (α^XB)^XA mod q
  = α^(XB·XA) mod q
  = (α^XA)^XB mod q
  = (α^XA mod q)^XB mod q
  = (YA)^XB mod q
• The result is that the two sides have exchanged a secret value.
• As XA and XB are private, an adversary only has the following ingredients to work with: q, α, YA, and YB.
• Thus, the adversary is forced to take a discrete logarithm to determine the key.
• To determine the private key of user B, an adversary must compute XB = dlog_{α,q}(YB).
• Security lies with the calculation of discrete logarithms.
• Let us take one example supporting the algorithm.
Example:
• The prime number q = 353 and a primitive root of q = 353, in this case α = 3.
• A and B select secret keys XA = 97 and XB = 233, respectively. Each computes its public key:
– A computes YA = 3^97 mod 353 = 40.
– B computes YB = 3^233 mod 353 = 248.
• After they exchange public keys, each can compute the common secret key:
– A computes K = (YB)^XA mod 353 = 248^97 mod 353 = 160.
– B computes K = (YA)^XB mod 353 = 40^233 mod 353 = 160.
• We assume an attacker would have available the following information: q = 353; α = 3; YA = 40; YB = 248.
• In this simple example, it would be possible to determine the secret key 160 by brute force.
• The brute-force approach is to calculate powers of 3 modulo 353, stopping when the result equals either 40 or 248. The desired answer is reached with the exponent value 97, which gives 3^97 mod 353 = 40.
• With larger numbers, the problem becomes impractical.
Limitations of Diffie-Hellman
• The technique does not protect against replay attacks.
• Man-in-the-middle attack:
1. Darth generates two private keys XD1 and XD2, and then computes the corresponding public keys YD1 and YD2.
2. Alice transmits YA to Bob.
3. Darth intercepts YA and transmits YD1 to Bob. Darth also calculates K2 = (YA)^XD2 mod q.
4. Bob receives YD1 and calculates K1 = (YD1)^XB mod q.
5. Bob transmits YB to Alice.
6. Darth intercepts YB and transmits YD2 to Alice. Darth calculates K1 = (YB)^XD1 mod q.
7. Alice receives YD2 and calculates K2 = (YD2)^XA mod q.
• At this point, Bob and Alice think that they share a secret key. But the situation is actually different: Bob and Darth share K1, and Alice and Darth share K2.
• Darth can then simply eavesdrop, or modify the messages going to Bob.
Note: The symmetric (shared) key in the Diffie-Hellman protocol is K = g^xy mod p.
Example 30.10
Let us give a trivial example to make the procedure clear. Our example uses small numbers, but note that in a real situation, the numbers are very large. Assume g = 7 and p = 23. The steps are as follows:
1. Alice chooses x = 3 and calculates R1 = 7^3 mod 23 = 21.
2. Bob chooses y = 6 and calculates R2 = 7^6 mod 23 = 4.
3. Alice sends the number 21 to Bob.
4. Bob sends the number 4 to Alice.
5. Alice calculates the symmetric key K = 4^3 mod 23 = 18.
6. Bob calculates the symmetric key K = 21^6 mod 23 = 18.
The value of K is the same for both Alice and Bob; g^xy mod p = 7^18 mod 23 = 18.
Figure 30.27 Diffie-Hellman idea
Figure 30.28 Man-in-the-middle attack
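Diffie-Hellman with both worked examples above (q = 353, α = 3, XA = 97, XB = 233, and p = 23, g = 7, x = 3, y = 6) and the brute-force discrete-logarithm search the slides describe, as an added example not taken from the slides. The primitive-root check and the function names are my additions; the numbers are the slides' own.

```python
def dh_public(alpha: int, q: int, x: int) -> int:
    """Y = alpha^x mod q (the slides' Y_A = alpha^X_A mod q, or R1 = g^x mod p)."""
    return pow(alpha, x, q)


def dh_shared(peer_public: int, x: int, q: int) -> int:
    """K = Y_peer^x mod q; both sides end up with alpha^(X_A * X_B) mod q."""
    return pow(peer_public, x, q)


def dh_exchange(alpha: int, q: int, x_a: int, x_b: int) -> tuple:
    """Run both sides of the exchange. Returns (Y_A, Y_B, K_A, K_B); the two
    K values must agree, which is the identity derived in the slides."""
    y_a, y_b = dh_public(alpha, q, x_a), dh_public(alpha, q, x_b)
    return y_a, y_b, dh_shared(y_b, x_a, q), dh_shared(y_a, x_b, q)


def is_primitive_root(alpha: int, q: int) -> bool:
    """alpha is a primitive root of the prime q if its powers 1..q-1 produce
    every nonzero residue exactly once (fine for the small q used here)."""
    return len({pow(alpha, k, q) for k in range(1, q)}) == q - 1


def brute_force_dlog(alpha: int, y: int, q: int):
    """The slides' brute force: compute successive powers of alpha mod q and stop
    when one equals y. Returns the exponent, or None. The loop length grows
    with q, which is why real deployments use very large primes."""
    value = 1
    for x in range(1, q):
        value = (value * alpha) % q
        if value == y:
            return x
    return None


if __name__ == "__main__":
    print(dh_exchange(3, 353, 97, 233))    # (40, 248, 160, 160)
    print(dh_exchange(7, 23, 3, 6))        # (21, 4, 18, 18)
    print(brute_force_dlog(3, 40, 353))    # 97
```

Everything the brute-force function needs (q, α and the public value) is exactly the adversary's view listed in the slides; the private exponents never appear in its arguments.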

Introduction to cryptographic algorithms.ppt

  • 1.
    30.1 Chapter 30 Cryptography Copyright ©The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
  • 2.
    30.2 30-1 INTRODUCTION 30-1 INTRODUCTION Letus introduce the issues involved in cryptography. Let us introduce the issues involved in cryptography. First, we need to define some terms; then we give some First, we need to define some terms; then we give some taxonomies. taxonomies. Definitions Two Categories Topics discussed in this section: Topics discussed in this section:
  • 3.
    Need for Security Some people who cause security problems and why.
  • 4.
    • Network securityproblems can be divided roughly into four closely intertwined areas: – secrecy, – authentication, – Non-repudiation, and – integrity control. • Secrecy: Confidentiality, keeping information out of hands of unauthorized users. • Authentication: Determine whom you are talking to before revealing sensitive information. • Non-repudiation: Deals with signatures. How would u prove that customer placed an order. What if he deny later? • Integrity Control: Finally, how can you be sure that a message you received was really the one sent and not something that a malicious adversary modified at transit? • Cryptography comes from the Greek words for ''secret writing.'‘ Encryption + Decryption = Cryptography. • Types: – Cipher : cipher is a character-for-character or bit-for-bit transformation, without regard to the linguistic structure of the message. – Code : a code replaces one word with another word or symbol. • Used with U.S. Armed forces during World War II in Pacific against Japan. • U.S broke Japanese code but the Japanese never broke Navajo code(Cipher and Code) which played a crucial role in American victories in Pacific. • Four group of people contributed to cryptography: the military, the diplomatic corps, diarists, and lovers.    
  • 5.
    • The messagesto be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key. • The output of the encryption process, known as the cipher-text, is then transmitted, often by messenger or radio. • We assume that the enemy, or intruder, hears and accurately copies down the complete cipher-text. • But, he does not know what the decryption key is and so cannot decrypt the ciphertext easily. • Intruder is needed to break this code. • The art of breaking ciphers, called cryptanalysis, and the art devising them (cryptography) is collectively known as cryptology. • What is the relation between plaintext, ciphertext, and keys? See next fig. • We will use C = EK(P) to mean that the encryption of the plaintext P using key K gives the ciphertext C. • Similarly, P = DK(C) represents the decryption of C to get the plaintext again. Dk(Ek(P)) = P • Secrecy lies exclusively in the keys is called Kerckhoff's principle, named after the Flemish military cryptographer Auguste Kerckhoff who first stated it in 1883 (Kerckhoff, 1883). • Kerckhoff's principle: All algorithms must be public; only the keys are secret. • Trying to keep the algorithm secret is known in the trade as security by obscurity. • The longer the key, the higher the work factor the cryptanalyst has to deal with. • Newspaper cryptograms could be broken trivially if the cryptanalyst were allowed to ask such questions as: What is the encryption of ABCDEFGHIJKL?     • Encryption Methods: – Substitution Ciphers – Transposition Ciphers
  • 6.
    30.6 Figure 30.1 Cryptographycomponents Sender Receiver Plaintext Cipher text Encryption Decryption
  • 7.
  • 8.
  • 9.
    30.9 In symmetric-key cryptography,the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared. Note
  • 10.
  • 11.
    30.11 Figure 30.5 Keysused in cryptography
  • 12.
    30.12 Figure 30.6 Comparisonbetween two categories of cryptography
  • 13.
    30.13 30-2 SYMMETRIC-KEY CRYPTOGRAPHY 30-2SYMMETRIC-KEY CRYPTOGRAPHY Symmetric-key cryptography started thousands of years Symmetric-key cryptography started thousands of years ago when people needed to exchange secrets (for ago when people needed to exchange secrets (for example, in a war). We still mainly use symmetric-key example, in a war). We still mainly use symmetric-key cryptography in our network security. cryptography in our network security. Traditional Ciphers Simple Modern Ciphers Modern Round Ciphers Mode of Operation Topics discussed in this section: Topics discussed in this section:
  • 14.
  • 15.
    Encryption Model  Theencryption model (for a symmetric- key cipher).
  • 16.
Substitution Cipher
• In a substitution cipher each letter or group of letters is replaced by another letter or group of letters to disguise it.
• Caesar Ciphers:
– One of the oldest known ciphers is the Caesar cipher, attributed to Julius Caesar.
– In this method, a becomes D, b becomes E, c becomes F, ..., and z becomes C.
– For example, 'attack' becomes 'DWWDFN'.
– Plaintext will be given in lower case letters, and ciphertext in upper case letters.
– A generalisation of the Caesar cipher allows the ciphertext alphabet to be shifted by k letters, instead of always 3.
– In this case k becomes a key to the general method of circularly shifted alphabets.
– Disadvantage: it fools no one for long. The ciphertext is easily converted back to plaintext because the key is a small, predictable shift.
  • 17.
30.17 Note: A substitution cipher replaces one symbol with another.
  • 18.
30.18 Example 30.1: The following shows a plaintext and its corresponding ciphertext. Is the cipher monoalphabetic? Key = +3
Solution: The cipher is probably monoalphabetic because both occurrences of L are encrypted as O.
  • 19.
• Mono-alphabetic substitution:
– The next improvement is to have each of the symbols in the plaintext, say, the 26 letters for simplicity, map onto some other letter.
– For example,
plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
– The general system of symbol-for-symbol substitution is called a monoalphabetic substitution, the key being the 26-letter string corresponding to the full alphabet.
– 'attack' would be transformed into the ciphertext 'QZZQEA'.
– 26! = 4 x 10^26 possible keys can be used.
– Even at 1 nsec per solution, a computer would take 10^10 years to try all the keys.
• Disadvantage:
– How to carry a 26-letter key? On a CD? Written down? Either way it is risky.
– Predicting the key is possible from letter statistics.
– e is the most common letter, followed by t, o, a, n, i, etc.
– The most common two-letter combinations, or digrams, are th, in, er, re, and an.
– The most common three-letter combinations, or trigrams, are the, ing, and, and ion.
– Conclusion? If 'thYt' is guessed to stand for 'that', then 'Y' must be the code for 'a'. Substituting 'a' for 'Y' lets the cryptanalyst guess further digrams and trigrams, for example that 'aWZ' stands for 'and'. With enough effort, the cryptanalyst can recover the key.
  • 20.
30.20 Example 30.2: The following shows a plaintext and its corresponding ciphertext. Is the cipher monoalphabetic?
Solution: The cipher is not monoalphabetic because each occurrence of L is encrypted by a different character. The first L is encrypted as N; the second as Z.
  • 21.
30.21 Note: The shift cipher is sometimes referred to as the Caesar cipher.
  • 22.
30.22 Example 30.3: Use the shift cipher with key = 15 to encrypt the message "HELLO."
Solution: We encrypt one character at a time. Each character is shifted 15 characters down. Letter H is encrypted to W. Letter E is encrypted to T. The first L is encrypted to A. The second L is also encrypted to A. And O is encrypted to D. The ciphertext is WTAAD.
  • 23.
30.23 Example 30.4: Use the shift cipher with key = 15 to decrypt the message "WTAAD."
Solution: We decrypt one character at a time. Each character is shifted 15 characters up. Letter W is decrypted to H. Letter T is decrypted to E. The first A is decrypted to L. The second A is decrypted to L. And, finally, D is decrypted to O. The plaintext is HELLO.
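The substitution ciphers of the preceding slides in working form, as an added example that is not part of the original slides: the shift cipher of Examples 30.3/30.4, the general monoalphabetic substitution with the slide's QWERTY... key, the "is it monoalphabetic?" test of Examples 30.1/30.2, and the letter-frequency count a cryptanalyst uses against both. The function names and the sample sentence are my own constructions.

```python
# Added example (not from the slides): a shift (Caesar) cipher, a general
# monoalphabetic substitution, the monoalphabetic check of Examples 30.1/30.2,
# and the letter-frequency statistic that makes both easy to break.
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
# The 26-letter key shown on the monoalphabetic substitution slide.
QWERTY_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"


def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` places down the alphabet (mod 26).
    Output is upper case as in the slides; non-letters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    # Decryption is the same operation with the shift reversed (Example 30.4).
    return shift_encrypt(ciphertext, -key)


def mono_encrypt(plaintext: str, key: str = QWERTY_KEY) -> str:
    """General monoalphabetic substitution: `key` is the full 26-letter
    ciphertext alphabet, so there are 26! possible keys instead of 25."""
    if len(set(key.upper())) != 26:
        raise ValueError("key must be a permutation of the 26 letters")
    return plaintext.upper().translate(str.maketrans(ALPHABET, key.upper()))


def mono_decrypt(ciphertext: str, key: str = QWERTY_KEY) -> str:
    return ciphertext.upper().translate(str.maketrans(key.upper(), ALPHABET)).lower()


def is_monoalphabetic(plaintext: str, ciphertext: str) -> bool:
    """Examples 30.1 and 30.2: the cipher is monoalphabetic if every occurrence
    of a plaintext letter is always encrypted to the same ciphertext letter."""
    p_letters = [c for c in plaintext.upper() if c in ALPHABET]
    c_letters = [c for c in ciphertext.upper() if c in ALPHABET]
    mapping = {}
    for p, c in zip(p_letters, c_letters):
        if mapping.setdefault(p, c) != c:
            return False
    return True


def letter_frequencies(text: str) -> list:
    """Letters of `text` from most to least frequent. A substitution cipher
    preserves these counts, which is exactly what the cryptanalyst exploits."""
    counts = Counter(c for c in text.upper() if c in ALPHABET)
    return [letter for letter, _ in counts.most_common()]
```

Encrypting a constructed sentence such as "attack at dawn and attack again at the gate" with the QWERTY key and calling `letter_frequencies` on the result puts Q first, which is the image of the most frequent plaintext letter a; that single observation is the starting point of the frequency attack the slide describes.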
  • 24.
30.24 Note: A transposition cipher reorders (permutes) symbols in a block of symbols.
  • 25.
Transposition Ciphers
• A transposition cipher.
  • 26.
• A transposition cipher reorders the letters but does not disguise them.
• The cipher is keyed by a word or phrase not containing any repeated letters.
• In this example, MEGABUCK is the key.
• The purpose of the key is to number the columns.
• Plaintext is written horizontally, in rows, padded to fill the matrix if need be.
• The ciphertext is read out by columns, starting with the column whose key letter is the lowest.
• Every letter represents itself, keeping the frequency distribution intact.
• How does a cryptanalyst break the cipher?
– Suppose 'million dollars' occurs somewhere in the message.
– The digrams MO, IL, LL, LA, IR (letters stacked in adjacent rows, wrapping around) would then appear in the ciphertext.
– For k columns, k(k-1) column pairs can be examined.
• Advantage: it is tough to determine the column sequence.
  • 27.
  • 28.
30.28 Example 30.5: Encrypt the message "HELLO MY DEAR," using the key shown in Figure 30.8.
Solution: We first remove the spaces in the message. We then divide the text into blocks of four characters. We add a bogus character Z at the end of the third block. The result is HELL OMYD EARZ. We create a three-block ciphertext ELHLMDOYAZER.
  • 29.
30.29 Example 30.6: Using Example 30.5, decrypt the message "ELHLMDOYAZER".
Solution: The result is HELL OMYD EARZ. After removing the bogus character and combining the characters, we get the original message "HELLO MY DEAR."
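Both transposition ciphers of this section in code, as an added example that is not part of the original slides: the keyword columnar transposition (key MEGABUCK, read out column by column in alphabetical key order) and the fixed four-symbol block permutation of Figure 30.8 used in Examples 30.5 and 30.6. The key for Figure 30.8 is inferred from the worked example (ciphertext positions take plaintext positions 2, 4, 1, 3); the long plaintext is constructed to contain the phrase 'million dollars' mentioned on the slide, and the function names are my own.

```python
# Added example (not from the slides): keyword columnar transposition and the
# block permutation of Figure 30.8 / Example 30.5, with their decryptions.


def column_order(keyword: str) -> list:
    """Number the columns by the alphabetical rank of the key letters and
    return the column indices in the order they are read out."""
    if len(set(keyword)) != len(keyword):
        raise ValueError("keyword must not contain repeated letters")
    return sorted(range(len(keyword)), key=lambda i: keyword[i])


def columnar_encrypt(plaintext: str, keyword: str, pad: str = "x") -> str:
    """Write the plaintext in rows of len(keyword), pad the last row, then read
    the matrix out column by column, lowest key letter first."""
    width = len(keyword)
    if len(plaintext) % width:
        plaintext += pad * (width - len(plaintext) % width)
    rows = [plaintext[i:i + width] for i in range(0, len(plaintext), width)]
    return "".join(row[c] for c in column_order(keyword) for row in rows)


def columnar_decrypt(ciphertext: str, keyword: str) -> str:
    """Slice the ciphertext back into columns (in key order) and read rows."""
    width = len(keyword)
    height = len(ciphertext) // width
    cols = [""] * width
    for k, c in enumerate(column_order(keyword)):
        cols[c] = ciphertext[k * height:(k + 1) * height]
    return "".join(cols[c][r] for r in range(height) for c in range(width))


def block_transpose(text: str, key: list, pad: str = "Z") -> str:
    """Figure 30.8 style: `key` lists, for each ciphertext position, the
    1-based plaintext position it takes within the block, e.g. [2, 4, 1, 3].
    Spaces are removed and the last block is padded with a bogus character."""
    text = text.replace(" ", "")
    size = len(key)
    if len(text) % size:
        text += pad * (size - len(text) % size)
    out = []
    for i in range(0, len(text), size):
        block = text[i:i + size]
        out.append("".join(block[k - 1] for k in key))
    return "".join(out)


def block_untranspose(ciphertext: str, key: list) -> str:
    """Decryption (Example 30.6) applies the inverse permutation."""
    inverse = [0] * len(key)
    for cipher_pos, plain_pos in enumerate(key):
        inverse[plain_pos - 1] = cipher_pos + 1
    return block_transpose(ciphertext, inverse)


# Constructed sample input containing the slide's 'million dollars' phrase.
SAMPLE_PLAINTEXT = "pleasetransferonemilliondollarstomyswissbankaccountsixtwotwo"
```

Note that `columnar_decrypt` returns the padding characters too; the receiver strips them by convention, which is why Example 30.6 speaks of "removing the bogus character".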
  • 30.
  • 31.
  • 32.
  • 33.
30.33 Figure 30.12 P-boxes: straight, expansion, and compression
  • 34.
Product Ciphers
• Basic elements of product ciphers. (a) P-box. (b) S-box. (c) Product.
  • 35.
• S-Box:
– A 3-bit plaintext is entered and a 3-bit ciphertext is output.
– The 3-bit input selects one of the eight lines exiting from the first stage and sets it to 1.
– The second stage is a P-box.
– The third stage encodes the selected input line in binary again.
– If the inputs 01234567 are applied in turn, the outputs are 24506713.
• Product Cipher:
– A powerful tool in which P-boxes and S-boxes are cascaded, forming a whole series of boxes, to form a product cipher.
– A single S-box with 12 input lines would need 2^12 = 4096 crossed wires in its middle stage.
– Instead, the input is broken into 3-bit groups, each substituted independently.
– A k-bit input produces a k-bit output, with k typically 64 to 256.
– The cascade is less general than one huge S-box but still powerful, and the overall function becomes complicated.
  • 36.
Feistel Cipher Structure
• Virtually all conventional block encryption algorithms, including DES, have a structure first described by Horst Feistel of IBM in 1973.
• Hence, Feistel is called the father of cryptography.
• The realization of a Feistel network depends on the choice of the following parameters and design features (see next slide):
  • 37.
Feistel Cipher Structure
• Block size: larger block sizes mean greater security.
• Key size: a larger key size means greater security.
• Number of rounds: multiple rounds offer increasing security.
• Subkey generation algorithm: greater complexity leads to greater difficulty of cryptanalysis.
• Round function: greater complexity means greater resistance to cryptanalysis.
• Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern.
• Ease of analysis: analysing the ciphertext should be difficult, and converting ciphertext to plaintext without the key must be impossible.
  • 39.
Data Encryption Standard (DES)
• The most widely used encryption scheme.
• Standardized by NIST (National Institute of Standards & Technology) as FIPS PUB 46 (Federal Information Processing Standards).
• The algorithm is referred to as the Data Encryption Algorithm (DEA).
• DES is a block cipher.
• It is a minor variation of the Feistel structure.
• It has 16 rounds of processing.
• The plaintext is processed in 64-bit blocks.
• The key is 56 bits in length, from which 16 subkeys are derived, one for each round.
• Decryption:
– Use the ciphertext as input to DES.
– Use the subkeys Ki in reverse order, i.e. K16 first, then K15, ..., down to K2 and K1.
  • 40.
  • 41.
30.41 Figure 30.14 One round in DES ciphers
  • 42.
• DES (Data Encryption Standard) was widely adopted by the industry for use in security products.
• DES procedure: enciphering a 64-bit data block with a 56-bit key.
– Step 1, stage 1: an initial transposition (permutation).
– Step 2, iterations 1 to 16: rounds of a complex key-dependent calculation.
– Step 3, second-last stage: a 32-bit exchange of the leftmost 32 bits with the rightmost 32 bits.
– Step 4, last stage: a final transposition, obtained by just reversing the initial transposition.
– Output: 64-bit ciphertext.
• Procedure for iterations 1 to 16:
– Each stage takes two 32-bit inputs and produces two 32-bit outputs.
– Each of the 16 iterations uses a different key.
– The left output is simply a copy of the right input.
– The right output is the bitwise XOR of the left input and a function of the right input and the key for this stage, Ki.
– All the complexity lies in this function.
• Whitening:
– A technique used to make DES stronger.
– XOR a random 64-bit key with each plaintext block before feeding it into DES, and then XOR a second 64-bit key with the resulting ciphertext before transmitting it.
– The receiver removes the whitening easily by running the reverse operation.
– It adds more bits to the effective key length, making exhaustive search more time consuming.
• In 1977, Stanford cryptography researchers Diffie and Hellman designed a machine that breaks DES within 1 day.
  • 43.
• With a key length of 56 bits, there are 2^56 = 7.2 x 10^16 possible keys.
• Here, a brute-force attack appears impractical. How?
• Trying one key per microsecond would take more than 10 thousand years to break the cipher.
• So, is DES secure? Yes or no?
• DES was finally and definitively proved insecure in July 1998, when the Electronic Frontier Foundation (EFF98) announced that it had broken a DES encryption using a special-purpose "DES Cracker" machine that was built for less than $250,000.
• The attack took less than 3 days to break the cipher.
• Problem? Solution?
• A 128-bit key is guaranteed to result in an algorithm that is unbreakable by brute force, even with the EFF98 machine.
• A 128-bit key would take over 10^18 years to break the code using the EFF cracker.
  • 45.
  • 46.
Triple DES
• (a) Triple encryption using DES. (b) Decryption.
• IBM realized that the DES key length was too short and developed triple DES.
• Here, 2 keys and 3 stages are used.
• Procedure:
– Step 1: the plaintext is encrypted using DES in the usual way with K1.
– Step 2: DES is run in decryption mode, using K2 as the key.
– Step 3: Finally, another DES encryption is done with K1.
• Why are 2 keys used instead of 3?
– Another key would just add overhead for little benefit, so 2 keys are enough.
• Why EDE instead of EEE?
– Backward compatibility with single DES: setting K1 = K2 reduces triple DES to a single encryption.
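The Feistel structure of the DES slides and the two-key EDE construction of this slide, as an added example that is not part of the original slides and is not DES itself: a generic 16-round Feistel network over 64-bit blocks with a placeholder round function and key schedule (both hash-based stand-ins of my own, not the DES tables). It demonstrates two facts the text states: decryption is the same network run with the subkeys in reverse order, whatever the round function is, and EDE with K1 = K2 collapses to single encryption.

```python
# Added example (not the DES specification): a generic Feistel network with a
# stand-in round function, showing why decryption is encryption with the subkeys
# reversed, plus the two-key EDE construction of triple DES built on top of it.
import hashlib

ROUNDS = 16  # DES has 16 rounds over a 64-bit block split into two 32-bit halves


def round_function(right: int, subkey: int) -> int:
    """Stand-in for DES's f(R, K): any keyed 32-bit function works here,
    because the Feistel structure never has to invert it."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def subkeys(key: bytes) -> list:
    """Derive 16 48-bit subkeys K1..K16 from the key. DES uses a fixed
    permutation-based key schedule; this hash-based one is illustrative only."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:6], "big")
            for i in range(ROUNDS)]


def feistel(block: bytes, keys: list) -> bytes:
    """Run the rounds with the subkeys in the given order. Each round:
    L' = R, R' = L xor f(R, Ki). The final swap undoes the last exchange."""
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in keys:
        left, right = right, left ^ round_function(right, k)
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Decryption: the same network with K16 first and K1 last.
    return feistel(block, subkeys(key)[::-1])


def ede_encrypt(block: bytes, k1: bytes, k2: bytes) -> bytes:
    """Two-key triple DES (EDE): E_K1(D_K2(E_K1(P)))."""
    return encrypt_block(decrypt_block(encrypt_block(block, k1), k2), k1)


def ede_decrypt(block: bytes, k1: bytes, k2: bytes) -> bytes:
    """Inverse of EDE: D_K1(E_K2(D_K1(C)))."""
    return decrypt_block(encrypt_block(decrypt_block(block, k1), k2), k1)
```

The 56-bit key is modelled as 7 key bytes; only the structure matters here, since the round function is not DES's.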
  • 47.
• Advantages / attraction for users:
– 168-bit key length, which overcomes the vulnerability to brute-force attack.
– Same algorithm procedure as DES.
– Very resistant to cryptanalysis.
• Disadvantages:
– The algorithm is relatively sluggish in software and does not lead to efficient software code.
– It is slower, due to 3 times more rounds than DES.
– Both DES and 3DES use a 64-bit block size; a larger block size is desirable for efficiency and security.
• Solution? AES.
  • 48.
AES – The Advanced Encryption Standard
• DES began approaching the end of its useful life, even with triple DES.
• NIST (National Institute of Standards and Technology), the agency of the U.S. Dept. of Commerce charged with approving standards for the U.S. Federal Government, decided that the government needed a new cryptographic standard for unclassified use, as there were problems with standardizing on DES.
• NIST held a conference that set the following rules for candidate algorithms.
• Rules for AES proposals:
1. The algorithm must be a symmetric block cipher.
2. The full design must be public.
3. Key lengths of 128, 192, and 256 bits must be supported.
4. Both software and hardware implementations must be possible.
5. The algorithm must be public or licensed on nondiscriminatory terms.
• Out of 16 proposals, 5 were short-listed and 1 was selected as the best algorithm.
• Name: Rijndael (from Joan Daemen and Vincent Rijmen; 86 votes).
• Let us see that in detail.
  • 49.
30.49 Table 30.1 AES configuration
  • 50.
30.50 Note: AES has three different configurations with respect to the number of rounds and key size.
  • 51.
  • 52.
  • 55.
• Step 1 does a byte-for-byte substitution on the state. Each byte in turn is used as an index into an S-box to replace its value by the contents of that S-box entry. This step is a straight monoalphabetic substitution cipher. Unlike DES, which has multiple S-boxes, Rijndael has only one S-box.
• Step 2 rotates each of the four rows to the left. Row 0 is rotated 0 bytes (i.e., not changed), row 1 is rotated 1 byte, row 2 is rotated 2 bytes, and row 3 is rotated 3 bytes. This step diffuses the contents of the current data around the block, analogous to the permutations in DES.
• Step 3 mixes up each column independently of the other ones. The mixing is done using matrix multiplication in which the new column is the product of the old column and a constant matrix, with the multiplication done in the finite Galois field GF(2^8).
• Step 4 XORs the key for this round into the state array.
• Decryption?
– Decryption can be done just by running the algorithm backward.
– However, there is also a trick available in which decryption can be done by running the encryption algorithm, using different tables.
• Advantages:
– Great speed.
– Great security.
– A good software implementation on a 2 GHz machine achieves a 700 Mbps encryption rate and can encrypt over 100 MPEG-2 videos in real time.
– Hardware implementations are faster still.
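The four round steps just listed, as an added example that is not part of the original slides and not the Rijndael reference code: a 4x4 byte state in AES's column-major layout, the single S-box computed from the GF(2^8) inverse and affine map rather than copied from a table, ShiftRows, MixColumns over GF(2^8) with the AES polynomial, AddRoundKey, and the inverse steps that "run the algorithm backward" for decryption. The key schedule and the full 10/12/14-round cipher are deliberately left out; function names are my own.

```python
# Added example (not the Rijndael reference implementation): the four AES round
# steps on a 4x4 byte state, with the S-box derived from GF(2^8) arithmetic,
# and the inverse steps used for decryption.


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial
    x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    result = 0
    for _ in range(8):
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (the nonzero elements form a group of
    order 255); 0 is mapped to 0 as AES requires."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result


def _rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def sbox_entry(a: int) -> int:
    """S-box = multiplicative inverse followed by the fixed affine transform."""
    v = gf_inv(a)
    return v ^ _rotl8(v, 1) ^ _rotl8(v, 2) ^ _rotl8(v, 3) ^ _rotl8(v, 4) ^ 0x63


SBOX = [sbox_entry(i) for i in range(256)]
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i

# The state is a list of 16 bytes in column-major order: state[r + 4*c]
# holds row r, column c, which is the order AES reads its 16 input bytes.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def sub_bytes(state):                       # Step 1: one S-box for every byte
    return [SBOX[b] for b in state]


def inv_sub_bytes(state):
    return [INV_SBOX[b] for b in state]


def shift_rows(state):                      # Step 2: row r rotates left by r
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def inv_shift_rows(state):
    return [state[r + 4 * ((c - r) % 4)] for c in range(4) for r in range(4)]


def _mix(state, matrix):
    out = []
    for c in range(4):
        column = state[4 * c:4 * c + 4]
        for row in matrix:
            acc = 0
            for coef, byte in zip(row, column):
                acc ^= gf_mul(coef, byte)
            out.append(acc)
    return out


def mix_columns(state):                     # Step 3: constant matrix over GF(2^8)
    return _mix(state, MIX)


def inv_mix_columns(state):
    return _mix(state, INV_MIX)


def add_round_key(state, round_key):        # Step 4: XOR the round key in
    return [s ^ k for s, k in zip(state, round_key)]


def aes_round(state, round_key):
    """One full AES round: SubBytes, ShiftRows, MixColumns, AddRoundKey."""
    return add_round_key(mix_columns(shift_rows(sub_bytes(state))), round_key)


def inv_aes_round(state, round_key):
    """The same round run backward, as the slide describes decryption."""
    return inv_sub_bytes(inv_shift_rows(inv_mix_columns(add_round_key(state, round_key))))
```

Two checks worth running by hand: `SBOX[0x53]` is `0xed` and `mix_columns` sends the column `db 13 53 45` to `8e 4d a1 bc`, both of which are the worked examples in FIPS-197, so the GF(2^8) arithmetic above is the real thing even though the surrounding cipher is not assembled.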
  • 56.
30.56 Figure 30.19 Modes of operation for block ciphers
  • 57.
  • 58.
Electronic Code Book Mode
• Step 1: Break the plaintext up into consecutive 8-byte (64-bit) blocks.
• Step 2: Encrypt them one after another with the same key.
• Step 3: The last piece of plaintext is padded out to 64 bits, if need be.
• Also called ECB mode.
• What an intruder can do: make a copy of the 12th ciphertext block (which contains Kim's bonus) and use it to replace the 4th ciphertext block (which contains Leslie's bonus), even without knowing what the 12th block says.
  • 59.
Cipher Block Chaining Mode
• Cipher block chaining. (a) Encryption. (b) Decryption.
• Overcomes the disadvantage of ECB mode.
• Each plaintext block is XORed with the previous ciphertext block before being encrypted.
• Step 1: The first block is XORed with a randomly chosen IV (Initialization Vector), which is transmitted (in plaintext) along with the ciphertext: C0 = E(P0 XOR IV).
• Step 2: Then we compute C1 = E(P1 XOR C0), and so on.
• Decryption? It also uses XOR to reverse the process, with P0 = IV XOR D(C0), and so on.
• Advantage: the same plaintext block will not result in the same ciphertext block, making cryptanalysis more difficult.
• Disadvantage: one has to wait for an entire 64-bit block to arrive before decryption can begin.
  • 60.
  • 61.
Cipher Feedback Mode
• (a) Encryption. (b) Decryption.
• Overcomes the disadvantage of cipher block chaining mode.
• The figure uses triple DES with a 128-bit shift register.
• Step 1: The leftmost byte of the encrypted shift-register contents is extracted and XORed with P10.
• Step 2: That byte is transmitted on the transmission line.
• Step 3: In addition, the shift register is shifted left 8 bits, causing C2 to fall off the left end, and C10 is inserted in the position just vacated at the right end by C9.
• Need: an initialization vector to start the ball rolling.
• Decryption? Decryption with cipher feedback mode just does the same thing as encryption (the block cipher is used in encryption mode, never in decryption mode).
• Disadvantage? A one-bit transmission error propagates: if one bit of the ciphertext is accidentally inverted during transmission, the 8 bytes that are decrypted while the bad byte is in the shift register will be corrupted.
  • 62.
  • 63.
Stream Cipher Mode / OFB
• A stream cipher. (a) Encryption. (b) Decryption.
• Overcomes the disadvantage of one-bit error propagation.
• Step 1: It works by encrypting an initialization vector, using a key, to get an output block.
• Step 2: The output block is then encrypted, using the key, to get a second output block.
• Step 3: This block is then encrypted to get a third block, and so on.
• Step 4: The (arbitrarily large) sequence of output blocks, called the key stream, is treated like a one-time pad and XORed with the plaintext to get the ciphertext.
• Note:
– The IV is used only in the first step.
– The key stream is independent of the data, so it can be computed in advance, if need be, and it is completely insensitive to transmission errors.
• Decryption? Decryption occurs by generating the same key stream at the receiving side.
• Disadvantages:
– Never use the same (key, IV) pair twice; otherwise the result is a keystream-reuse attack.
– Random access to a block is expensive, since all key-stream blocks ahead of it must be generated first.
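The four modes of this section side by side, as an added example that is not part of the original slides: ECB, CBC, whole-block CFB and OFB are written over a placeholder 8-byte block permutation of my own (XOR with the key, rotate the bytes), which is invertible but has no cryptographic strength; it stands in for DES/AES only so that the mode properties the slides list can be observed on real bytes: identical plaintext blocks give identical ECB ciphertext blocks and ECB blocks can be swapped without the key, CBC hides repetition, a one-bit CFB error damages the following block, and a one-bit OFB error stays a one-bit error while reusing a (key, IV) pair leaks the XOR of the two plaintexts. Sample keys, IV and plaintexts are constructed.

```python
# Added example (not from the slides): ECB, CBC, CFB and OFB over a stand-in
# 8-byte block permutation, to show the properties listed in this section.
# The "block cipher" below is a placeholder, not DES or AES.

BLOCK = 8  # 64-bit blocks, as in the ECB slide


def toy_block_encrypt(block: bytes, key: bytes) -> bytes:
    """Placeholder for E_K: XOR with the key, then rotate the bytes left by one.
    It is invertible, which is all the modes need; it has NO strength."""
    x = bytes(b ^ k for b, k in zip(block, key))
    return x[1:] + x[:1]


def toy_block_decrypt(block: bytes, key: bytes) -> bytes:
    x = block[-1:] + block[:-1]
    return bytes(b ^ k for b, k in zip(x, key))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_blocks(data: bytes) -> list:
    # Inputs are assumed to be a whole number of blocks; padding the last
    # block (step 3 of the ECB slide) is left to the caller.
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    return b"".join(toy_block_encrypt(p, key) for p in split_blocks(pt))


def ecb_decrypt(ct: bytes, key: bytes) -> bytes:
    return b"".join(toy_block_decrypt(c, key) for c in split_blocks(ct))


def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    prev, out = iv, []
    for p in split_blocks(pt):               # C_i = E(P_i xor C_{i-1}), C_{-1} = IV
        prev = toy_block_encrypt(xor(p, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    prev, out = iv, []
    for c in split_blocks(ct):               # P_i = C_{i-1} xor D(C_i)
        out.append(xor(toy_block_decrypt(c, key), prev))
        prev = c
    return b"".join(out)


def cfb_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    """Whole-block CFB: C_i = P_i xor E(C_{i-1}). Only E is ever used."""
    prev, out = iv, []
    for p in split_blocks(pt):
        prev = xor(p, toy_block_encrypt(prev, key))
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    prev, out = iv, []
    for c in split_blocks(ct):               # the same E as encryption, never D
        out.append(xor(c, toy_block_encrypt(prev, key)))
        prev = c
    return b"".join(out)


def ofb_keystream(key: bytes, iv: bytes, nblocks: int) -> bytes:
    """Key stream E(IV), E(E(IV)), ...: independent of the data."""
    out, block = [], iv
    for _ in range(nblocks):
        block = toy_block_encrypt(block, key)
        out.append(block)
    return b"".join(out)


def ofb_crypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    # Encryption and decryption are the same XOR with the key stream.
    return xor(data, ofb_keystream(key, iv, len(split_blocks(data))))
```

The CFB and OFB functions never call `toy_block_decrypt`, which is the point the slides make about running the block cipher "in encryption mode" on both sides.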
  • 64.
  • 65.
30.65 30-3 ASYMMETRIC-KEY CRYPTOGRAPHY
An asymmetric-key (or public-key) cipher uses two keys: one private and one public. We discuss two algorithms: RSA and Diffie-Hellman.
Topics discussed in this section: RSA; Diffie-Hellman
  • 66.
PUBLIC KEY ALGORITHM: RSA
• RSA – Rivest, Shamir, Adleman.
• Used for everything: encryption, authentication and digital signing.
• Has long keys, e.g. 1024 bits, which makes it secure.
• Its security rests on the difficulty of factoring large integers.
• General Algorithm:
1. Generate two large random prime numbers, p and q, roughly equal in size.
2. Compute n = pq and φ = (p-1)(q-1).
3. Choose an integer e such that 1 < e < φ and gcd(e, φ) = 1.
4. Compute the secret exponent d, 1 < d < φ, such that ed = 1 (mod φ).
5. The public key is (n, e) and the private key is (n, d). Keep p, q and φ secret.
• Note:
– n is the modulus.
– e is the public (encryption) exponent and d is the private (decryption) exponent.
– p, q and φ must be kept secret.
  • 68.
RSA
• An example of the RSA algorithm.
  • 69.
  • 71.
Key Generation Steps:
1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq = 17 × 11 = 187.
3. Calculate φ(n) = (p-1)(q-1) = 16 × 10 = 160.
4. Select e such that e is relatively prime to φ(n) = 160 and less than φ(n); we choose e = 7.
5. Determine d such that de mod 160 = 1 and d < 160. The correct value is d = 23, because 23 × 7 = 161 = 160 + 1.
The resulting public key is {7, 187} and the private key is {23, 187}.
  • 72.
Example:
• Keys for a plaintext input of M = 88.
• Encryption: to calculate C = 88^7 mod 187:
– 88^7 mod 187 = [(88^4 mod 187) × (88^2 mod 187) × (88^1 mod 187)] mod 187
– 88^1 mod 187 = 88
– 88^2 mod 187 = 7744 mod 187 = 77
– 88^4 mod 187 = 59,969,536 mod 187 = 132
– 88^7 mod 187 = (88 × 77 × 132) mod 187 = 894,432 mod 187 = 11
  • 73.
Example of RSA Algorithm
  • 74.
• Decryption: M = 11^23 mod 187:
– 11^23 mod 187 = [(11^1 mod 187) × (11^2 mod 187) × (11^4 mod 187) × (11^8 mod 187) × (11^8 mod 187)] mod 187
– 11^1 mod 187 = 11
– 11^2 mod 187 = 121
– 11^4 mod 187 = 14,641 mod 187 = 55
– 11^8 mod 187 = 214,358,881 mod 187 = 33
– 11^23 mod 187 = (11 × 121 × 55 × 33 × 33) mod 187 = 79,720,245 mod 187 = 88
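The RSA key generation, encryption and decryption of the slides above, as an added example that is not part of the original slides: it reproduces the p = 17, q = 11, e = 7 key pair and the M = 88 round trip, computes d with the extended Euclidean algorithm, and implements modular exponentiation by square-and-multiply, which is the reason the worked example can split 88^7 into 88^4 · 88^2 · 88^1. This is textbook RSA on bare integers, with no padding scheme; the function names are my own.

```python
# Added example (not from the slides): RSA key generation, encryption and
# decryption with the slide's numbers, plus the square-and-multiply
# exponentiation behind the worked decomposition. Textbook (unpadded) RSA.


def egcd(a: int, b: int) -> tuple:
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(e: int, phi: int) -> int:
    """The d with e*d = 1 (mod phi); exists only when gcd(e, phi) = 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e and phi(n) must be coprime")
    return x % phi


def rsa_keygen(p: int, q: int, e: int) -> tuple:
    """Steps 1-5 of the slide: returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or egcd(e, phi)[0] != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    d = mod_inverse(e, phi)
    return (n, e), (n, d)


def mod_pow(base: int, exp: int, mod: int) -> int:
    """Square-and-multiply: the bits of exp select which squarings
    (base^1, base^2, base^4, ...) are multiplied in, exactly as the slide
    writes 88^7 = 88^4 * 88^2 * 88^1 (mod 187)."""
    result = 1
    base %= mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def rsa_encrypt(m: int, public_key: tuple) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return mod_pow(m, e, n)


def rsa_decrypt(c: int, private_key: tuple) -> int:
    n, d = private_key
    return mod_pow(c, d, n)
```

Python's built-in `pow(m, e, n)` does the same modular exponentiation; `mod_pow` is spelled out only to show where the slide's intermediate values 77, 132, 55 and 33 come from.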
  • 75.
• Limitations of RSA:
– To defeat the RSA algorithm, use a brute-force approach, i.e. try all possible private keys.
– The larger the number of bits in e and d, the more secure the algorithm.
– Because the calculations involved (both in key generation and in encryption/decryption) are complex, the larger the size of the key, the slower the system will run.
  • 76.
Diffie-Hellman
• The first published public-key algorithm.
• Purpose: exchange a secret key securely (which is also its limitation: it does nothing else).
• The algorithm depends for its effectiveness on the difficulty of computing discrete logarithms.
  • 77.
• There are two publicly known numbers:
– a prime number q, and
– an integer α (alpha) that is a primitive root of q.
• Suppose the users A and B wish to exchange a key.
• User A selects a random integer XA < q and computes YA = α^XA mod q.
• B independently selects a random integer XB < q and computes YB = α^XB mod q.
• Each side keeps the X value private and makes the Y value available publicly to the other side.
• User A computes the key as K = (YB)^XA mod q, and user B computes the key as K = (YA)^XB mod q.
• The two computations agree:
K = (YB)^XA mod q
  = (α^XB mod q)^XA mod q
  = (α^XB)^XA mod q
  = α^(XB·XA) mod q
  = (α^XA)^XB mod q
  = (α^XA mod q)^XB mod q
  = (YA)^XB mod q
• The result is that the two sides have exchanged a secret value.
  • 79.
• As XA and XB are private, an adversary only has the following ingredients to work with: q, α, YA, and YB.
• Thus, the adversary is forced to take a discrete logarithm to determine the key.
• To determine the private key of user B, an adversary must compute XB = dlog_{α,q}(YB).
• Security lies in the difficulty of calculating discrete logarithms.
• Let us take one example supporting the algorithm.
  • 81.
Example:
• The prime number is q = 353 and a primitive root of q = 353, in this case, is α = 3.
• A and B select secret keys XA = 97 and XB = 233, respectively. Each computes its public key: A computes YA = 3^97 mod 353 = 40; B computes YB = 3^233 mod 353 = 248.
• After they exchange public keys, each can compute the common secret key:
– A computes K = (YB)^XA mod 353 = 248^97 mod 353 = 160.
– B computes K = (YA)^XB mod 353 = 40^233 mod 353 = 160.
• We assume an attacker would have available the following information: q = 353; α = 3; YA = 40; YB = 248.
• In this simple example, it would be possible to determine the secret key 160 by brute force.
• The brute-force approach is to calculate powers of 3 modulo 353, stopping when the result equals either 40 or 248. The desired answer is reached with the exponent value of 97, which provides 3^97 mod 353 = 40.
• With larger numbers, the problem becomes impractical.
  • 82.
Limitations of Diffie-Hellman
• The technique does not protect against replay attacks.
• Man-in-the-middle attack:
1. Darth generates two private keys XD1 and XD2, and then computes the corresponding public keys YD1 and YD2.
2. Alice transmits YA to Bob.
3. Darth intercepts YA and transmits YD1 to Bob. Darth also calculates K2 = (YA)^XD2 mod q.
4. Bob receives YD1 and calculates K1 = (YD1)^XB mod q.
5. Bob transmits YB to Alice.
6. Darth intercepts YB and transmits YD2 to Alice. Darth calculates K1 = (YB)^XD1 mod q.
7. Alice receives YD2 and calculates K2 = (YD2)^XA mod q.
• At this point, Bob and Alice think that they share a secret key, but actually Bob and Darth share K1 while Alice and Darth share K2.
• Darth may simply want to eavesdrop, or may modify the messages going to Bob.
  • 83.
30.83 Note: The symmetric (shared) key in the Diffie-Hellman protocol is K = g^xy mod p.
  • 84.
30.84 Example 30.10: Let us give a trivial example to make the procedure clear. Our example uses small numbers, but note that in a real situation, the numbers are very large. Assume g = 7 and p = 23. The steps are as follows:
1. Alice chooses x = 3 and calculates R1 = 7^3 mod 23 = 21.
2. Bob chooses y = 6 and calculates R2 = 7^6 mod 23 = 4.
3. Alice sends the number 21 to Bob.
4. Bob sends the number 4 to Alice.
5. Alice calculates the symmetric key K = 4^3 mod 23 = 18.
6. Bob calculates the symmetric key K = 21^6 mod 23 = 18.
The value of K is the same for both Alice and Bob; g^xy mod p = 7^18 mod 23 = 18.
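The Diffie-Hellman exchange of this section in code, as an added example that is not part of the original slides: it runs both sides with the two parameter sets used above (q = 353, α = 3 with XA = 97, XB = 233; and p = 23, g = 7 with x = 3, y = 6), checks that α really is a primitive root, performs the brute-force discrete-logarithm search the slide describes for the small case, and adds a range check on received public values (rejecting 0, 1 and p-1) that is my addition, not something the slides state; such a check is a standard defensive measure because those values make the shared secret predictable. Function names are my own.

```python
# Added example (not from the slides): the Diffie-Hellman exchange with the
# section's parameters, the brute-force discrete-log search, and a defensive
# public-value range check (an addition, not on the slides).


def dh_public(g: int, p: int, x: int) -> int:
    """Y = g^x mod p: the value each side publishes."""
    return pow(g, x, p)


def dh_shared(peer_public: int, x: int, p: int) -> int:
    """K = Y_peer^x mod p: the value each side keeps."""
    return pow(peer_public, x, p)


def is_primitive_root(g: int, p: int) -> bool:
    """True if the powers of g cover all of 1..p-1 (p prime). Fine for toy p."""
    return len({pow(g, k, p) for k in range(1, p)}) == p - 1


def check_public_value(y: int, p: int) -> bool:
    """Defensive check: a received Y of 0, 1 or p-1 would force the shared
    secret into a tiny predictable set, so a receiver should reject it."""
    return 2 <= y <= p - 2


def brute_force_dlog(g: int, p: int, target: int) -> int:
    """The adversary's task from the slide: find x with g^x mod p == target by
    trying exponents in turn. Returns the smallest such x, or None."""
    value = 1
    for x in range(1, p):
        value = value * g % p
        if value == target:
            return x
    return None


def dh_exchange(g: int, p: int, x_a: int, x_b: int) -> tuple:
    """Run both sides and return (Y_A, Y_B, K_as_computed_by_A, K_by_B)."""
    y_a = dh_public(g, p, x_a)
    y_b = dh_public(g, p, x_b)
    if not (check_public_value(y_a, p) and check_public_value(y_b, p)):
        raise ValueError("public value out of range")
    k_a = dh_shared(y_b, x_a, p)   # A uses B's public value and its own secret
    k_b = dh_shared(y_a, x_b, p)   # B uses A's public value and its own secret
    return y_a, y_b, k_a, k_b
```

With q = 353 the brute-force search stops at exponent 97 after fewer than 353 multiplications, which is why the slide calls it impractical only "with larger numbers": the work grows with the size of the group, not with the size of the message.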
  • 85.
  • 86.