Post on 23-Dec-2015
Introduction
• Background Info
• Stream Ciphers
• Private-key Methods
• Public-key Methods
• Block Ciphers
• Types of Attacks
Constructions of Secure Encryption Schemes
• Key ideas:
– Using any pseudorandom function, one can construct secure private-key encryption schemes
– Using any trapdoor one-way permutation, one can construct secure public-key encryption schemes
– Secure schemes must employ a probabilistic (randomized) encryption algorithm so that one cannot distinguish two encryptions of the same message
Stream Ciphers
• Typically there are fewer stream ciphers in use than block ciphers
– Difficult to use correctly
• Basis:
– Pseudorandom Generators
– Keys
– States
– XOR
Stream Ciphers
• Basic Construction:
– Key-generation/Initial State
• Uniformly select R (random number) and generate key pair (r,r) and set initial state to t=0
– Encrypting Plaintext
• Encrypt plaintext x with key r and state t such that l=|x| and p is the l-bit suffix of the encryption algorithm with input r and 1^(t+l) so that ciphertext is x ⊕ p, and new state is t+l
– Decrypting Ciphertext
• Decrypt ciphertext y with key r and state t such that l=|y| and p is the l-bit suffix again so that the plaintext is y ⊕ p
Stream Ciphers
• Why are they so hard to use?
– Must never reuse a key
• If key is reused, same stream of output generated
– Must keep track of states
– Must always depend on other things:
• Some way to agree on keys
• Authentication
• Synchronization
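The stateful construction and its two failure modes (lost synchronization and key reuse), as an added example that is not part of the original slides. HMAC-SHA256 in counter mode stands in for the pseudorandom generator, lengths are in bytes rather than bits, and the key and messages are constructed for the demo.

```python
import hashlib
import hmac

def prg(r: bytes, n: int) -> bytes:
    """First n bytes of the stream generated from key r (HMAC-SHA256 in
    counter mode is an assumed stand-in for the pseudorandom generator)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(r, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class StreamCipher:
    """Key r plus state t; the same operation encrypts and decrypts."""
    def __init__(self, r: bytes):
        self.r, self.t = r, 0

    def process(self, data: bytes) -> bytes:
        l = len(data)
        p = prg(self.r, self.t + l)[self.t:]   # the l-byte suffix
        self.t += l                            # new state is t + l
        return xor(data, p)

def demo() -> dict:
    r = bytes(range(32))                       # constructed key, demo only
    x1, x2 = b"pay 100 to account A", b"pay 999 to account B"
    sender, receiver = StreamCipher(r), StreamCipher(r)
    c1, c2 = sender.process(x1), sender.process(x2)
    in_sync = receiver.process(c1) == x1 and receiver.process(c2) == x2
    # A receiver that missed c1 is still at t=0, so c2 decrypts to garbage.
    out_of_sync = StreamCipher(r).process(c2) == x2
    # Key reused from t=0 for a second message: the same keystream again,
    # so XOR of the two ciphertexts equals XOR of the two plaintexts.
    c2_reused = StreamCipher(r).process(x2)
    leaks_xor = xor(c1, c2_reused) == xor(x1, x2)
    return {"in_sync": in_sync, "out_of_sync": out_of_sync,
            "leaks_xor": leaks_xor}

if __name__ == "__main__":
    print(demo())
```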
Private-key Methods
• Basic Construction:
– Block Cipher with length n for message x
– Generate key by selecting seed s and applying function f_s
– Encryption algorithm selects a uniform string r and produces ciphertext (r, x ⊕ f_s(r))
– Decrypt ciphertext (r,y) using key s by computing y ⊕ f_s(r)
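The private-key construction above, and the reason the earlier key idea requires a randomized algorithm, as an added example that is not part of the original slides. HMAC-SHA256 is an assumed stand-in for the pseudorandom function f_s, n is fixed at 32 bytes, and the messages are constructed.

```python
import hashlib
import hmac
import os

N = 32  # block length n in bytes (the SHA-256 output size)

def f(s: bytes, r: bytes) -> bytes:
    """f_s(r): HMAC-SHA256 keyed with seed s (assumed stand-in PRF)."""
    return hmac.new(s, r, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def encrypt(s: bytes, x: bytes, r: bytes = None):
    """Return (r, x XOR f_s(r)); r is uniform unless a caller forces it."""
    if len(x) != N:
        raise ValueError("message must be exactly one n-byte block")
    r = os.urandom(N) if r is None else r
    return r, xor(x, f(s, r))

def decrypt(s: bytes, ct) -> bytes:
    r, y = ct
    return xor(y, f(s, r))

def demo() -> dict:
    s = os.urandom(N)                       # seed s is the secret key
    x = b"approve".ljust(N, b".")           # constructed messages
    x2 = b"decline".ljust(N, b".")
    a, b = encrypt(s, x), encrypt(s, x)     # fresh r each time
    fixed = bytes(N)                        # broken variant: r never changes
    da, db = encrypt(s, x, fixed), encrypt(s, x, fixed)
    dc = encrypt(s, x2, fixed)
    return {
        "roundtrip": decrypt(s, a) == x and decrypt(s, b) == x,
        # Randomized: two encryptions of the same message differ.
        "randomized_repeats": a == b,
        # Deterministic: an eavesdropper sees that the message repeated...
        "deterministic_repeats": da == db,
        # ...and a repeated r exposes the XOR of two different messages.
        "fixed_r_leaks_xor": xor(da[1], dc[1]) == xor(x, x2),
    }

if __name__ == "__main__":
    print(demo())
```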
Public-key Methods
• Basic Construction:
– Key generation selects a random permutation p from a collection of trapdoor permutations, along with a trapdoor (p serves as the public-key and serves as the private-key)
– When encrypting a bit b, the encryption algorithm randomly selects an element r in the domain of p and produces ciphertext (p(r),br)
Public-key Methods
– Decrypting occurs by taking ciphertext (y, s) and computing the inverse using or sr(p^(-1)(y))
• The security of the scheme follows from the one-way feature of the collection p
Block Ciphers
• Basis:
– Take blocks of input and encrypt entire block
– Reusable keys
– Different modes
• Keep in mind potential problem areas:
– Block padding
– Initialization vectors
– Codebook attacks, use the right modes
Block Ciphers
• Modes of Operation:
– Different characteristics
• Error propagation
• Resynchronization
• Block resolution
• Efficiency
• Increase in data size
– 4 Modes defined in Federal Information Processing Standards
Block Ciphers
• Electronic Code Book – separately encrypt each block, patterns recognizable, “codebook” can be built up
• Cipher Block Chaining – XOR plaintext with previous ciphertext block, then encrypt, use initialization vector for first block, makes identical inputs look different
Block Ciphers
• Ciphertext Feedback – take previous ciphertext, encrypt, then XOR with plaintext
• Output Feedback – encrypt previous output, then XOR with plaintext to get ciphertext, uses counters to determine where to take from output
Block Ciphers
• Basic Construction:
– Generate key pair
– Encrypt plaintext
• Break message into consecutive blocks of length l (possibly have to augment the last block with some padding)
• Encrypt each block with encryption key r
– Decrypt ciphertext
• Decrypt each block with decryption key d and concatenate blocks less padding to get plaintext
Block Ciphers
• The Basic Construction results in ciphertexts that reveal the exact length of the original plaintext
– This is acceptable and completely hiding the length is futile
– Encryption schemes that hide some information about the length of the plaintext can easily be constructed
Block Ciphers - AES
• Advanced Encryption Standard
• National Institute of Standards and Technology search for standard replacement for DES
– Requirements:
• 128 bit blocksize
• 128, 192, 256 bit keys
– Finalists announced in August 1999
Block Ciphers - AES
• Joan Daemen and Vincent Rijmen (Belgium)
• Based on an algorithm called Square
• Supports keys which are multiples of 32 bits and block sizes which are multiples of 64 bits
• Number of rounds changes based on key size
• Generally faster than the other candidates
Block Ciphers - AES
• Key Schedule for Rijndael:
– Expand cipher key (varies depending on key length, uses linear recurrence relations)
– Round keys are taken from the expanded cipher key
– Round keys are then rotated, passed through the S-box, and XOR’d with a round dependent constant (constants based on similar computation to S-box)
Block Ciphers - AES
• Variable rounds:
– 9 if both block and key are 128 bits
– 11 if either block or key is 192 bits and neither are longer than that
– 13 if either block or key is 256 bits
– etc
Block Ciphers - AES
• Using Rijndael:
1. Perform Add Round Key Step (XOR a subkey with the block)
2. Perform rounds:
1. Byte Sub (each byte of the block is replaced by its substitute from an S-box)
2. Shift Row
1. Bytes are arranged in a rectangle and shifted, ex. from
1 5 9 13
2 6 10 14
3 7 11 15
4 8 12 16
to
1 5 9 13
6 10 14 2
11 15 3 7
16 4 8 12
Block Ciphers - AES
• The S-box is:
99 124 119 123 242 107 111 197 48 1 103 43 254 215 171 118
202 130 201 125 250 89 71 240 173 212 162 175 156 164 114 192
183 253 147 38 54 63 247 204 52 165 229 241 113 216 49 21
4 199 35 195 24 150 5 154 7 18 128 226 235 39 178 117
9 131 44 26 27 110 90 160 82 59 214 179 41 227 47 132
83 209 0 237 32 252 177 91 106 203 190 57 74 76 88 207
208 239 170 251 67 77 51 133 69 249 2 127 80 60 159 168
81 163 64 143 146 157 56 245 188 182 218 33 16 255 243 210
205 12 19 236 95 151 68 23 196 167 126 61 100 93 25 115
96 129 79 220 34 42 144 136 70 238 184 20 222 94 11 219
224 50 58 10 73 6 36 92 194 211 172 98 145 149 228 121
231 200 55 109 141 213 78 169 108 86 244 234 101 122 174 8
186 120 37 46 28 166 180 198 232 221 116 31 75 189 139 138
112 62 181 102 72 3 246 14 97 53 87 185 134 193 29 158
225 248 152 17 105 217 142 148 155 30 135 233 206 85 40 223
140 161 137 13 191 230 66 104 65 153 45 15 176 84 187 22
Block Ciphers - AES
3. Mix Column – Matrix multiplication performed where each column is multiplied by:
2 3 1 1
1 2 3 1
1 1 2 3
3 1 1 2
4. Add round key (XOR subkey for current round)
» An extra final round is added where the mix column step is omitted
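One Rijndael round built from the four steps above, as an added example that is not part of the original slides. The 16-byte state is held column by column as in the Shift Row illustration, the S-box entry is computed (field inverse, then affine map) rather than looked up, and the sample state and round key are the round 1 values of the FIPS-197 Appendix B worked example.

```python
def xtime(a: int) -> int:
    """Multiply by 2 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a: int, b: int) -> int:
    """Multiply two field elements by shift-and-add."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a, b = xtime(a), b >> 1
    return result

def sbox(a: int) -> int:
    """Byte Sub entry: inverse in the field (a^254, 0 maps to 0), then the
    affine map. Reproduces the table on the slide, e.g. sbox(0) == 99."""
    inv = 1
    for _ in range(254):
        inv = gmul(inv, a)
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

def shift_rows(state):
    """Row r (bytes r, r+4, r+8, r+12) is rotated left by r positions."""
    rows = [state[r::4][r:] + state[r::4][:r] for r in range(4)]
    return [rows[r][c] for c in range(4) for r in range(4)]

def mix_column(col):
    """Multiply one 4-byte column by the Mix Column matrix over GF(2^8)."""
    out = []
    for coeffs in MIX:
        acc = 0
        for m, b in zip(coeffs, col):
            acc ^= gmul(m, b)
        out.append(acc)
    return out

def aes_round(state, round_key, final=False):
    """Byte Sub, Shift Row, Mix Column (skipped in the final round), Add Round Key."""
    state = shift_rows([sbox(b) for b in state])
    if not final:
        state = [b for c in range(4) for b in mix_column(state[4 * c:4 * c + 4])]
    return [s ^ k for s, k in zip(state, round_key)]

STATE = bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808")      # start of round 1
ROUND_KEY = bytes.fromhex("a0fafe1788542cb123a339392a6c7605")  # round key 1
```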
Types of Attacks
• Passive Attacks
– Adversary eavesdrops on the line and possibly gets the sender to encrypt a message of the adversary’s choice and/or gets the sender to decrypt a ciphertext of the adversary’s choice
• Key-oblivious: choice of plaintext does not depend on the key
• Key-dependent: choice of plaintext does depend on the key