Unit II: Data Encryption Techniques and Standards
Reference: Cryptography and Information Security by Dr. Pachghare
Prepared for Students, BE Computer Engineering
Index:
- Introduction
- Encryption Methods
- Steganography applications and limitations
- Block Ciphers and methods of operations
- Feistel Cipher
- Data Encryption Standard (DES)
- Triple DES
- DES Design Criteria
- Advanced Encryption Standard (AES)
1/12/2016 Data Encryption Techniques and Standards
Introduction:
- information security requirements have changed in recent times
- traditionally provided by physical and administrative mechanisms
- computer use requires automated tools to protect files and other stored information
- use of networks and communications links requires measures to protect data during transmission
Encryption Methods
Symmetric Encryption:
- also called conventional / private-key / single-key encryption
- sender and recipient share a common key
- all classical encryption algorithms are private-key
- was the only type prior to the invention of public-key in the 1970s
- and by far the most widely used
Some Basic Terminology:
- plaintext: original message
- ciphertext: coded message
- cipher: algorithm for transforming plaintext to ciphertext
- key: info used in cipher, known only to sender/receiver
- encipher (encrypt): converting plaintext to ciphertext
- decipher (decrypt): recovering plaintext from ciphertext
- cryptography: study of encryption principles/methods
- cryptanalysis (codebreaking): study of principles/methods of deciphering ciphertext without knowing the key
- cryptology: field of both cryptography and cryptanalysis
Symmetric Cipher Model: [figure]
Requirements:
- two requirements for secure use of symmetric encryption:
  - a strong encryption algorithm
  - a secret key known only to sender / receiver
- mathematically have:
  Y = E_K(X)
  X = D_K(Y)
- assume encryption algorithm is known
- implies a secure channel to distribute key
Public-Key Cryptography:
- probably the most significant advance in the history of cryptography
- uses two keys: a public & a private key
- asymmetric since parties are not equal
- uses clever application of number-theoretic concepts to function
Why Public-Key Cryptography?:
- developed to address two key issues:
  - key distribution: how to have secure communications in general without having to trust a KDC with your key
  - digital signatures: how to verify a message comes intact from the claimed sender
- public invention due to Whitfield Diffie & Martin Hellman at Stanford Uni in 1976
  - known earlier in classified community
Public-Key Cryptography:
- public-key / two-key / asymmetric cryptography involves the use of two keys:
  - a public key, which may be known by anybody, and can be used to encrypt messages and verify signatures
  - a private key, known only to the recipient, used to decrypt messages and sign (create) signatures
- is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures
Public-Key Cryptography: [figure]
Public-Key Characteristics:
- public-key algorithms rely on two keys where:
  - it is computationally infeasible to find the decryption key knowing only the algorithm & encryption key
  - it is computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known
  - either of the two related keys can be used for encryption, with the other used for decryption (for some algorithms)
Public-Key Cryptosystems: [figure]
Public-Key Applications:
- can classify uses into 3 categories:
  - encryption/decryption (provide secrecy)
  - digital signatures (provide authentication)
  - key exchange (of session keys)
- some algorithms are suitable for all uses, others are specific to one
Cryptography:
- characterize a cryptographic system by:
  - type of encryption operations used: substitution / transposition / product
  - number of keys used: single-key or private / two-key or public
  - way in which plaintext is processed: block / stream
Classical Substitution Ciphers:
- where letters of plaintext are replaced by other letters or by numbers or symbols
- or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
Caesar Cipher:
- earliest known substitution cipher
- by Julius Caesar
- first attested use in military affairs
- replaces each letter by the 3rd letter on
- example:
  meet me after the toga party
  PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher:
- can define transformation as:
  a b c d e f g h i j k l m n o p q r s t u v w x y z
  D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
- mathematically give each letter a number:
  a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
  0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
- then have Caesar cipher as:
  c = E(p) = (p + k) mod 26
  p = D(c) = (c - k) mod 26
Cryptanalysis of Caesar Cipher:
- only have 26 possible ciphers
  - A maps to A, B, .. Z
- could simply try each in turn
- a brute force search
- given ciphertext, just try all shifts of letters
- do need to recognize when have plaintext
- eg. break ciphertext "GCUA VQ DTGCM"
Monoalphabetic Cipher:
- rather than just shifting the alphabet
- could shuffle the letters arbitrarily
- each plaintext letter maps to a different random ciphertext letter
- hence key is 26 letters long
  Plain:  abcdefghijklmnopqrstuvwxyz
  Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
  Plain:  Happy New Year
  Cipher: ?
Monoalphabetic Cipher Security:
- now have a total of 26! or greater keys
- with so many keys, might think is secure
- but would be !!!WRONG!!!
- problem is language characteristics
Language Redundancy and Cryptanalysis:
- human languages are redundant
- letters are not equally commonly used
- in English E is by far the most common letter
  - followed by T,R,N,I,O,A,S
- other letters like Z,J,K,Q,X are fairly rare
English Letter Frequencies: [figure]
Example Cryptanalysis:
- given ciphertext:
  UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
  VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
  EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
- count relative letter frequencies (see text)
- guess P & Z are e and t
- guess ZW is th and hence ZWP is the
- proceeding with trial and error finally get:
  it was disclosed yesterday that several informal but
  direct contacts have been made with political
  representatives of the viet cong in moscow
Playfair Cipher:
- not even the large number of keys in a monoalphabetic cipher provides security
- one approach to improving security was to encrypt multiple letters
- the Playfair Cipher is an example
- invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
Playfair Key Matrix:
- a 5x5 matrix of letters based on a keyword
- fill in letters of keyword
- fill rest of matrix with other letters
- eg. using the keyword MONARCHY:
  M O N A   R
  C H Y B   D
  E F G I/J K
  L P Q S   T
  U V W X   Z
Encrypting and Decrypting:
- plaintext is encrypted two letters at a time
  - if a pair is a repeated letter, insert filler like 'X'
  - if both letters fall in the same row, replace each with the letter to its right (wrapping back to start from end)
  - if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom)
  - otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair
Security of Playfair Cipher:
- security much improved over monoalphabetic
- since have 26 x 26 = 676 digrams
- would need a 676-entry frequency table to analyse (versus 26 for a monoalphabetic)
- and correspondingly more ciphertext
- was widely used for many years
  - eg. by US & British military in WWI
- it can be broken, given a few hundred letters
- since still has much of plaintext structure
Polyalphabetic Ciphers:
- polyalphabetic substitution ciphers
- improve security using multiple cipher alphabets
- make cryptanalysis harder with more alphabets to guess and flatter frequency distribution
- use a key to select which alphabet is used for each letter of the message
- use each alphabet in turn
- repeat from start after end of key is reached
Vigenère Cipher:
- simplest polyalphabetic substitution cipher
- effectively multiple Caesar ciphers
- key is multiple letters long: K = k_1 k_2 ... k_d
- i-th letter specifies i-th alphabet to use
- use each alphabet in turn
- repeat from start after the letters in message
- decryption simply works in reverse
Example of Vigenère Cipher:
- write the plaintext out
- write the keyword repeated above it
- use each key letter as a Caesar cipher key
- encrypt the corresponding plaintext letter
- eg. using keyword deceptive:
  key:        deceptivedeceptivedeceptive
  plaintext:  wearediscoveredsaveyourself
  ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Decryption is equally simple. The key letter again identifies the row. The position of the ciphertext letter in that row determines the column, and the plaintext letter is at the top of that column.
Security of Vigenère Ciphers:
- have multiple ciphertext letters for each plaintext letter
- hence letter frequencies are obscured
- but not totally lost
- start with letter frequencies
  - see if it looks monoalphabetic or not
- if not, then need to determine number of alphabets, since then can attack each
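Added example (not part of the original slides): a Vigenère implementation that reproduces the "deceptive" example above, plus the repeated-sequence check that shows why the key length leaks. The function names are this example's own; a one-letter key reduces it to the Caesar cipher shown earlier.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

A = ord("a")


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter (a=0 ... z=25).

    The key repeats from the start once its last letter has been used.
    Non-letters are dropped; ciphertext is returned in upper case and
    recovered plaintext in lower case, following the slides' convention.
    """
    sign = -1 if decrypt else 1
    key = key.lower()
    out = []
    i = 0
    for ch in text.lower():
        if not "a" <= ch <= "z":
            continue
        k = ord(key[i % len(key)]) - A
        out.append(chr((ord(ch) - A + sign * k) % 26 + A))
        i += 1
    result = "".join(out)
    return result if decrypt else result.upper()


def repeated_ngram_distances(ciphertext, n=3):
    """Map every n-gram that occurs more than once to the gaps between
    its occurrences. When the same plaintext fragment meets the same
    part of the key, the gap is a multiple of the key length."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    return {
        gram: [b - a for a, b in zip(pos, pos[1:])]
        for gram, pos in positions.items()
        if len(pos) > 1
    }


def likely_key_length(ciphertext):
    """GCD of all repeat gaps; the true key length divides this value."""
    gaps = [g for gs in repeated_ngram_distances(ciphertext).values() for g in gs]
    return reduce(gcd, gaps) if gaps else None


def columns(ciphertext, d):
    """Split ciphertext into d columns; each column was enciphered with a
    single Caesar shift and can be analysed with plain letter frequencies."""
    return [ciphertext[i::d] for i in range(d)]


if __name__ == "__main__":
    ct = vigenere("wearediscoveredsaveyourself", "deceptive")
    print(ct)
    print(repeated_ngram_distances(ct))   # "red" under "eci" repeats 9 letters apart
    print(likely_key_length(ct))
    print(columns(ct, 9))
```

In the slide's ciphertext the plaintext fragment "red" lines up with the key letters "ept" twice, so the trigram VTW appears twice, nine positions apart, which is the length of the keyword.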
One-Time Pad:
- if a truly random key as long as the message is used, the cipher will be secure
- called a One-Time Pad
- is unbreakable since ciphertext bears no statistical relationship to the plaintext
- since for any plaintext & any ciphertext there exists a key mapping one to the other
- can only use the key once though
- problems in generation & safe distribution of key
Transposition Ciphers:
- now consider classical transposition or permutation ciphers
- these hide the message by rearranging the letter order
- without altering the actual letters used
- can recognise these since they have the same frequency distribution as the original text
Rail Fence cipher:
- write message letters out diagonally over a number of rows
- then read off cipher row by row
- eg. write message out as:
  m e m a t r h t g p r y
   e t e f e t e o a a t
- giving ciphertext:
  MEMATRHTGPRYETEFETEOAAT
Row Transposition Ciphers:
- a more complex transposition
- write letters of message out in rows over a specified number of columns
- then reorder the columns according to some key before reading off the rows
  Key:        4 3 1 2 5 6 7
  Plaintext:  a t t a c k p
              o s t p o n e
              d u n t i l t
              w o a m x y z
  Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Product Ciphers:
- ciphers using substitutions or transpositions are not secure because of language characteristics
- hence consider using several ciphers in succession to make it harder, but:
  - two substitutions make a more complex substitution
  - two transpositions make a more complex transposition
  - but a substitution followed by a transposition makes a new, much harder cipher
- this is the bridge from classical to modern ciphers
Steganography:
- an alternative to encryption
- hides existence of message
  - using only a subset of letters/words in a longer message marked in some way
  - using invisible ink
  - hiding in graphic image or sound file
- has drawbacks
  - high overhead to hide relatively few info bits
Block Ciphers and methods of operations
Modes of Operation:
- block ciphers encrypt fixed size blocks
  - eg. DES encrypts 64-bit blocks with 56-bit key
- need some way to en/decrypt arbitrary amounts of data in practice
- ANSI X3.106-1983 Modes of Use (now FIPS 81) defines 4 possible modes
- subsequently 5 defined for AES & DES
- have block and stream modes
Electronic Codebook Book (ECB):
- message is broken into independent blocks which are encrypted
- each block is a value which is substituted, like a codebook, hence name
- each block is encoded independently of the other blocks:
  C_i = DES_K1(P_i)
- uses: secure transmission of single values
Electronic Codebook Book (ECB): [figure]
Advantages and Limitations of ECB:
- message repetitions may show in ciphertext
  - if aligned with message block
  - particularly with data such as graphics
  - or with messages that change very little, which become a code-book analysis problem
- weakness is due to the encrypted message blocks being independent
- main use is sending a few blocks of data
Cipher Block Chaining (CBC):
- message is broken into blocks
- linked together in encryption operation
- each previous cipher block is chained with the current plaintext block, hence name
- use Initial Vector (IV) to start process:
  C_i = DES_K1(P_i XOR C_{i-1})
  C_{-1} = IV
- uses: bulk data encryption, authentication
Cipher Block Chaining (CBC): [figure]
Message Padding:
- at end of message must handle a possible last short block
  - which is not as large as block size of cipher
  - pad either with known non-data value (eg. nulls)
  - or pad last block along with count of pad size
    - eg. [ b1 b2 b3 0 0 0 0 5 ]
    - means have 3 data bytes, then 5 bytes pad+count
- this may require an extra entire block over those in message
- there are other, more esoteric modes, which avoid the need for an extra block
Advantages and Limitations of CBC:
- a ciphertext block depends on all blocks before it
- any change to a block affects all following ciphertext blocks
- need Initialization Vector (IV)
  - which must be known to sender & receiver
  - if sent in clear, attacker can change bits of first block, and change IV to compensate
  - hence IV must either be a fixed value
  - or must be sent encrypted in ECB mode before rest of message
Cipher FeedBack (CFB):
- message is treated as a stream of bits
- added to the output of the block cipher
- result is fed back for next stage (hence name)
- standard allows any number of bits (1, 8, 64 or 128 etc) to be fed back
  - denoted CFB-1, CFB-8, CFB-64, CFB-128 etc
- most efficient to use all bits in block (64 or 128):
  C_i = P_i XOR DES_K1(C_{i-1})
  C_{-1} = IV
- uses: stream data encryption, authentication
Cipher FeedBack (CFB): [figure]
Advantages and Limitations of CFB:
- appropriate when data arrives in bits/bytes
- most common stream mode
- limitation is the need to stall while doing block encryption after every n bits
- note that the block cipher is used in encryption mode at both ends
- errors propagate for several blocks after the error
Output FeedBack (OFB):
- message is treated as a stream of bits
- output of cipher is added to message
- output is then fed back (hence name)
- feedback is independent of message
- can be computed as:
  C_i = P_i XOR O_i
  O_i = DES_K1(O_{i-1})
  O_{-1} = IV
- uses: stream encryption on noisy channels
Output FeedBack (OFB) Encryption: [figure]
Output FeedBack (OFB) Decryption: [figure]
Advantages and Limitations of OFB:
- bit errors do not propagate
- more vulnerable to message stream modification
- research has shown that only full block feedback (ie. CFB-64 or CFB-128) should ever be used
Counter (CTR):
- a "new" mode, though proposed early on
- similar to OFB but encrypts counter value rather than any feedback value
- must have a different key & counter value for every plaintext block (never reused):
  C_i = P_i XOR O_i
  O_i = DES_K1(i)
- uses: high-speed network encryptions
Counter (CTR): [figure]
Advantages and Limitations of CTR:
- efficiency
  - can do parallel encryptions
  - can preprocess in advance of need
  - good for bursty high speed links
- random access to encrypted data blocks
- provable security (good as other modes)
- but must ensure never reuse key/counter values, otherwise could break (OFB)
Modern Block Ciphers:
- now look at modern block ciphers
- one of the most widely used types of cryptographic algorithms
- provide secrecy / authentication services
- focus on DES (Data Encryption Standard) to illustrate block cipher design principles
Block vs Stream Ciphers:
- block ciphers process messages in blocks, each of which is then en/decrypted
- like a substitution on very big characters
  - 64 bits or more
- stream ciphers process messages a bit or byte at a time when en/decrypting
- many current ciphers are block ciphers
- broader range of applications
Block Cipher Principles:
- most symmetric block ciphers are based on a Feistel Cipher Structure
- block ciphers look like an extremely large substitution
- instead create from smaller building blocks
- using idea of a product cipher
Claude Shannon and Substitution-Permutation Ciphers:
- Claude Shannon introduced the idea of substitution-permutation (S-P) networks in a 1949 paper
- form basis of modern block ciphers
- S-P nets are based on the two primitive cryptographic operations seen before:
  - substitution (S-box)
  - permutation (P-box)
- provide confusion & diffusion of message & key
Confusion and Diffusion:
- cipher needs to completely obscure statistical properties of original message
- a one-time pad does this
- more practically Shannon suggested combining S & P elements to obtain:
  - diffusion: dissipates statistical structure of plaintext over bulk of ciphertext
  - confusion: makes relationship between ciphertext and key as complex as possible
Feistel Cipher Structure:
- Horst Feistel devised the Feistel cipher
  - based on concept of invertible product cipher
- partitions input block into two halves
  - process through multiple rounds which
  - perform a substitution on left data half
  - based on round function of right half & subkey
  - then have permutation swapping halves
- implements Shannon's S-P net concept
Feistel Cipher Design Elements:
- block size
- key size
- number of rounds
- subkey generation algorithm
- round function
- fast software en/decryption
- ease of analysis
Feistel Cipher Decryption: [figure]
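Added example (not part of the original slides): a toy 64-bit, 16-round Feistel cipher showing that decryption is the same routine run with the subkeys reversed, then used to compare the ECB and CBC modes and the count padding described earlier. The key schedule and round function are stand-ins built on SHA-256 (assumptions of this example, not DES), so this illustrates structure only and is not a cipher to deploy.

```python
import hashlib
import hmac

BLOCK = 8      # 64-bit block, as in DES
ROUNDS = 16    # DES also uses 16 rounds
HALF = BLOCK // 2


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def subkeys(key):
    # Assumption: SHA-256 stands in for the DES key schedule.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]


def round_f(right, subkey):
    # Assumption: HMAC-SHA256 stands in for DES's expansion, S-boxes and P.
    # F does not need to be invertible; the Feistel structure supplies that.
    return hmac.new(subkey, right, hashlib.sha256).digest()[:HALF]


def feistel(block, ks):
    left, right = block[:HALF], block[HALF:]
    for k in ks:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, xor(left, round_f(right, k))
    return right + left    # undo the last swap so the same code decrypts


def encrypt_block(block, ks):
    return feistel(block, ks)


def decrypt_block(block, ks):
    return feistel(block, ks[::-1])    # same rounds, subkeys reversed


def pad(data):
    # Count padding from the slides: zeros, then the pad length in the
    # last byte. An already aligned message gains a whole extra block.
    n = BLOCK - len(data) % BLOCK
    return data + bytes(n - 1) + bytes([n])


def unpad(data):
    return data[:-data[-1]]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(plaintext, key):
    ks = subkeys(key)
    return b"".join(encrypt_block(b, ks) for b in blocks(pad(plaintext)))


def ecb_decrypt(ciphertext, key):
    ks = subkeys(key)
    return unpad(b"".join(decrypt_block(c, ks) for c in blocks(ciphertext)))


def cbc_encrypt(plaintext, key, iv):
    ks, prev, out = subkeys(key), iv, []
    for b in blocks(pad(plaintext)):
        prev = encrypt_block(xor(b, prev), ks)   # C_i = E(P_i XOR C_{i-1})
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext, key, iv):
    ks, prev, out = subkeys(key), iv, []
    for c in blocks(ciphertext):
        out.append(xor(decrypt_block(c, ks), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ciphertext):
    """Number of ciphertext blocks that duplicate an earlier block."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


if __name__ == "__main__":
    key, iv = b"demo key", bytes(range(BLOCK))      # constructed sample values
    msg = b"PAY 100 " * 4                            # four identical 8-byte blocks
    print("ECB repeats:", repeated_blocks(ecb_encrypt(msg, key)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(msg, key, iv)))
```

Under ECB the four identical plaintext blocks produce four identical ciphertext blocks, which is the code-book weakness the slides describe; under CBC the chaining makes every block differ.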
Data Encryption Standard (DES):
- most widely used block cipher in world
- adopted in 1977 by NBS (now NIST) as FIPS (Federal Information Processing Standard) PUB 46
- encrypts 64-bit data using 56-bit key
- has widespread use
- has been considerable controversy over its security
DES History:
- IBM developed the Lucifer cipher
  - by team led by Feistel in late 60's
  - used 64-bit data blocks with 128-bit key
- then redeveloped as a commercial cipher with input from NSA and others
- in 1973 NBS issued request for proposals for a national cipher standard
- IBM submitted their revised Lucifer, which was eventually accepted as the DES
DES Design Controversy:
- although the DES standard is public
- there was considerable controversy over its design
  - in choice of 56-bit key (vs Lucifer 128-bit)
  - and because design criteria were classified
- subsequent events and public analysis show in fact design was appropriate
- use of DES has flourished
  - especially in financial applications
  - still standardised for legacy application use
DES Encryption Overview: [figure]
Single Round of DES Algorithm: [figure]
Initial Permutation IP:
- first step of the data computation
- IP reorders the input data bits
- quite regular in structure
To see that these two permutation functions are indeed the inverse of each other, consider the following 64-bit input M:
where Mi is a binary digit. Then the permutation X = IP(M) is as follows:
DES Round Structure:
- uses two 32-bit L & R halves
- as for any Feistel cipher can describe as:
  L_i = R_{i-1}
  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
- F takes 32-bit R half and 48-bit subkey:
  - expands R to 48 bits using perm E
  - adds to subkey using XOR
  - passes through 8 S-boxes to get 32-bit result
  - finally permutes using 32-bit perm P
DES Round Structure: [figure]
Substitution Boxes S:
- have eight S-boxes which map 6 to 4 bits
- each S-box is actually 4 little 4-bit boxes
  - outer bits 1 & 6 (row bits) select one row of 4
  - inner bits 2-5 (col bits) are substituted
  - result is 8 lots of 4 bits, or 32 bits
- row selection depends on both data & key
  - feature known as autoclaving (autokeying)
- example:
  S(18 09 12 3d 11 17 38 39) = 5fd25e03
DES Key Schedule:
- forms subkeys used in each round
  - initial permutation of the key (PC1) which selects 56 bits in two 28-bit halves
  - 16 stages consisting of:
    - rotating each half separately either 1 or 2 places depending on the key rotation schedule K
    - selecting 24 bits from each half & permuting them by PC2 for use in round function F
DES Decryption:
- decrypt must unwind steps of data computation
- with Feistel design, do encryption steps again using subkeys in reverse order (SK16 … SK1)
  - IP undoes final FP step of encryption
  - 1st round with SK16 undoes 16th encrypt round
  - ….
  - 16th round with SK1 undoes 1st encrypt round
  - then final FP undoes initial encryption IP
  - thus recovering original data value
Strength of DES – Key Size:
- 56-bit keys have 2^56 = 7.2 x 10^16 values
- brute force search looks hard
- recent advances have shown it is possible
  - in 1997 on Internet in a few months
  - in 1998 on dedicated h/w (EFF) in a few days
  - in 1999 above combined in 22hrs!
- still must be able to recognize plaintext
- must now consider alternatives to DES
Advanced Encryption Standard
Origins:
- clear a replacement for DES was needed
  - have theoretical attacks that can break it
- can use Triple-DES
  - advantage: 168-bit key & algorithm
  - disadvantage: size of block & slow
- US NIST issued call for ciphers in 1997
- 15 candidates accepted in Jun-98
- 5 were shortlisted in Aug-99
- Rijndael was selected as the AES in Oct-2000
- issued as FIPS PUB 197 standard in Nov-2001
AES Requirements:
- private key symmetric block cipher
- 128-bit data, 128/192/256-bit keys
- stronger & faster than Triple-DES
- provide full specification & design details
- both C & Java implementations
AES Evaluation Criteria:
- initial criteria:
  - security: effort for practical cryptanalysis
  - cost: in terms of computational efficiency
  - algorithm & implementation characteristics
The AES Cipher - Rijndael:
- designed by Rijmen-Daemen in Belgium
- has 128/192/256 bit keys, 128 bit data
- an iterative rather than Feistel cipher
  - processes data as block of 4 columns of 4 bytes
  - operates on entire data block in every round
- designed to be:
  - resistant against known attacks
  - speed and code compactness on many CPUs
  - design simplicity
Rijndael:
- data block of 4 columns of 4 bytes is the state
- key is expanded to array of words
- has rounds in which state undergoes:
  - byte substitution (1 S-box used on every byte)
  - shift rows (simple permute)
  - mix columns (subs using matrix multiply of groups)
  - add round key (XOR state with key material)
- view as alternating XOR key & scramble data bytes
Rijndael: [figure]
Byte Substitution:
- a simple substitution of each byte
- uses one table of 16x16 bytes containing a permutation of all 256 8-bit values
- each byte of state is replaced by byte indexed by row (left 4 bits) & column (right 4 bits)
  - eg. byte {95} is replaced by byte in row 9 column 5, which has value {2A}
- S-box constructed using defined transformation of values in GF(2^8)
- designed to be resistant to all known attacks
Byte Substitution: [figure]
Shift Rows:
- a circular byte shift in each round
  - 1st row is unchanged
  - 2nd row does 1 byte circular shift to left
  - 3rd row does 2 byte circular shift to left
  - 4th row does 3 byte circular shift to left
- decrypt inverts using shifts to right
- since state is processed by columns, this step permutes bytes between the columns
Shift Rows: [figure]
Mix Columns:
- each column is processed separately
- each byte is replaced by a value dependent on all 4 bytes in the column
- effectively a matrix multiplication in GF(2^8) using prime poly m(x) = x^8 + x^4 + x^3 + x + 1
Mix Columns: [figure]
Add Round Key:
- XOR state with 128 bits of the round key
- again processed by column (though effectively a series of byte operations)
- inverse for decryption identical
  - since XOR is its own inverse, with reversed keys
- designed to be as simple as possible
  - a form of Vernam cipher on expanded key
  - requires other stages for complexity / security
Add Round Key: [figure]
AES Round: [figure]
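Added example (not part of the original slides): the four steps of one AES round written out in Python, with the S-box built from inverses in GF(2^8) rather than copied as a table. The affine step and its constant 0x63, and the sample state and round key in the demo, come from FIPS PUB 197 (its Appendix B worked example), not from these slides; function names are this example's own.

```python
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo m(x) = x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B          # reduce by m(x)
        b >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse as a^254; 0 is mapped to 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def build_sbox():
    """S-box = field inverse followed by the FIPS 197 affine transformation."""
    box = []
    for x in range(256):
        b = gf_inv(x)
        box.append(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63)
    return box


SBOX = build_sbox()

# The state is a list of 16 bytes stored column by column:
# byte (row r, column c) lives at index r + 4*c.


def sub_bytes(state):
    return [SBOX[b] for b in state]


def shift_rows(state):
    # Row r rotates left by r bytes, so bytes move between columns.
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_column(col):
    a0, a1, a2, a3 = col
    return [
        gf_mul(2, a0) ^ gf_mul(3, a1) ^ a2 ^ a3,
        a0 ^ gf_mul(2, a1) ^ gf_mul(3, a2) ^ a3,
        a0 ^ a1 ^ gf_mul(2, a2) ^ gf_mul(3, a3),
        gf_mul(3, a0) ^ a1 ^ a2 ^ gf_mul(2, a3),
    ]


def mix_columns(state):
    return [b for c in range(4) for b in mix_column(state[4 * c:4 * c + 4])]


def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]


def aes_round(state, round_key):
    """One full (non-final) round: substitute, shift, mix, add key."""
    return add_round_key(mix_columns(shift_rows(sub_bytes(state))), round_key)


if __name__ == "__main__":
    # State at the start of round 1 and round key 1 from FIPS 197 Appendix B.
    state = list(bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808"))
    rk1 = list(bytes.fromhex("a0fafe1788542cb123a339392a6c7605"))
    print(hex(SBOX[0x95]))                    # the slide's {95} -> {2A} lookup
    print(bytes(aes_round(state, rk1)).hex())
```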
AES Decryption:
- AES decryption is not identical to encryption since steps are done in reverse
- but can define an equivalent inverse cipher with steps as for encryption
  - but using inverses of each step
  - with a different key schedule
- works since result is unchanged when
  - swap byte substitution & shift rows
  - swap mix columns & add (tweaked) round key
AES Decryption: [figure]
Implementation Aspects:
- can efficiently implement on 8-bit CPU
  - byte substitution works on bytes using a table of 256 entries
  - shift rows is a simple byte shift
  - add round key works on byte XORs
  - mix columns requires matrix multiply in GF(2^8), which works on byte values and can be simplified to use table lookups & byte XORs
Multiple Encryption & Triple DES
Multiple Encryption & Triple DES:
- clear a replacement for DES was needed
  - theoretical attacks that can break it
  - demonstrated exhaustive key search attacks
- AES is a new cipher alternative
- prior to this, the alternative was to use multiple encryption with DES implementations
- Triple-DES is the chosen form
Double-DES?:
- could use 2 DES encrypts on each block:
  C = E_K2(E_K1(P))
- issue of reduction to single stage
- works whenever use a cipher twice
  - since X = E_K1(P) = D_K2(C)
  - attack by encrypting P with all keys and store
  - then decrypt C with keys and match X value
Triple-DES with Two-Keys:
- hence must use 3 encryptions
  - would seem to need 3 distinct keys
- but can use 2 keys with E-D-E sequence:
  C = E_K1(D_K2(E_K1(P)))
  - nb. encrypt & decrypt equivalent in security
  - if K1 = K2 then can work with single DES
- standardized in ANSI X9.17 & ISO8732
- no current known practical attacks
Triple-DES with Three-Keys:
- although there are no practical attacks on two-key Triple-DES, have some indications
- can use Triple-DES with Three-Keys to avoid even these:
  C = E_K3(D_K2(E_K1(P)))
- has been adopted by some Internet applications, eg. PGP, S/MIME