Conventional Encryption
//Modified by Prof. M. Singhal// Henric Johnson Blekinge Institute of Technology, Sweden http://www.its.bth.se/staff/hjo/ henric.johnson@bth.se
Henric Johnson 1
Outline
Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution
Henric Johnson
Security depends on the secrecy of the key, not the secrecy of the algorithm.
Henric Johnson 3
Henric Johnson
Cryptography
1. The
Two general principles: A. Substitution: An element in plaintext is mapped into another element. B. Transposition: Elements in the plaintext are rearranged. >>Fundamental requirements: all operations be reversible. >> Most systems use a combination of substitution and transposition. Henric Johnson
Cryptography
2. The number of keys used
symmetric (single key) Both sender and receiver use the same key. asymmetric (two-keys, or public-key encryption) Sender and receiver use a different key.
Henric Johnson
Cryptography
3. The way in which the plaintext is processed
Block cipher: Encrypts/decrypts a block at a time. Stream cipher: Encrypts/decrypts one element a time.
Henric Johnson
Cryptanalysis
The process of discovering the key or the plaintext.
Strategy depends upon the type of encryption scheme and the amount of information available.
Types of Attacks:
Ciphertext only, Known plaintext, Chosen plaintext, Chosen ciphertext, and Chosen text. //It is assumed that the encryption algorithm is known to a Henric Johnson cryptanalyst.// 8
Cryptanalysis
Types of Attacks --------------------Ciphertext only. Known plaintext. Info. Known to Cryptanalyst -------------------------------Ciphertext to be decoded. -Ciphertext to be decoded. -Corresponding plaintext. -Plaintext message of the choice of cryptanalyst and corresponding ciphertext.
Chosen plaintext.
Henric Johnson
Cryptanalysis
Types of Attacks --------------------Chosen ciphertext. Info. Known to Cryptanalyst -------------------------------Ciphertext to be decoded. -Purported ciphertext chosen by the cryptanalyst along with corresponding plaintext.
Henric Johnson
10
Cryptanalysis
Types of Attacks --------------------Chosen text. Info. Known to Cryptanalyst -------------------------------Ciphertext to be decoded. -Purported ciphertext chosen by the cryptanalyst along with corresponding plaintext. -Plaintext message of the choice of cryptanalyst and corresponding ciphertext.
Henric Johnson 11
No matter how much time and resources an intruder has, he/she can not decrypt the ciphercode.
>No encryption method is unconditionally secure except one. (One-time pad)
Henric Johnson
12
One-time Pad
A random key sequence is used with no repetitions. >The key is as long as the message. > Ciphertext bears no statistical relationship to the plaintext. A Problem: Sender and receiver must possess this random key sequence.
Henric Johnson 13
Henric Johnson
22
Henric Johnson
24
DES
Initial Permutation (IP): The plaintext block undergoes an intial permutation. > 64 bits of the block are permuted. A Complex Transformation: 64 bit permuted block undergoes 16 rounds of complex transformation. (Using subkeys)
Henric Johnson 25
DES
32-bit swap: 32 bit left and right halves of the output of the 16th round are swapped. Inverse Initial Permutation (IP-1): The 64 bit output undergoes a permutation that is inverse of the intial permutation. >The 64 bit output is the ciphertext.
Henric Johnson 26
Henric Johnson
27
DES
The complex processing at each iteration/round: Li = Ri-1 Ri = Li-1 F(Ri-1, Ki)
DES
Details of function F: >32 bit input is expanded into 48 bits. -This is done by permuting and duplicating some bits of 32 bits. >Exclusive OR operation is performed between these 48 bits and 48 bit subkey.
Henric Johnson 29
DES
Details of function F:... > 48 bit output of the Exclusive OR operation is grouped into 8 groups of 6 bits each. > Each 6 bit group is fed into a 6to-4 substitution box that transforms 6 bits to 4 bits.
Henric Johnson 30
DES
Details of function F:... > 32 bit output of 8 substitution boxes is fed into a permutation box. > The 32 bit output of the permutation box is F(Ri-1, Ki).
Henric Johnson 31
DES
Concerns about:
The key length (56-bits) > 56 bit key was adequate in 70s. > With faster processors, this encryption method is no longer safe.
Henric Johnson
32
Henric Johnson
33
Triple DEA
Use three keys and three executions of the DES algorithm (encryptdecrypt-encrypt)
C = EK3[DK2[EK1[P]]]
C = ciphertext P = Plaintext EK[X] = encryption of X using key K DK[Y] = decryption of Y using key K
Triple DEA
Henric Johnson
35
Henric Johnson
37
IDEA...
Confusion: -Achieved by mixing three different operations. -Each operation takes two 16-bit inputs and produces a 16-bit output. Three Operations: 1. Bit-by-bit Exclusive-OR. 2. Addition of integers modulo 2^16 (=65536) Henric Johnson 41
IDEA
2. Addition of integers modulo 2^16... -inputs and output are treated as 16 bit unsunged integers. 3. Multiplication of integers modulo 2^16+1 (=65537). -inputs and output are treated as 16 bit unsunged integers. -A block of all zeros is treated as 2^16.
Henric Johnson 42
IDEA
Three Operations:.. in combination provide a complex transformation making cryptanalysis very difficult. Three operations are incompatible: >No two satisfy distributive law. >No two satisfy associate law.
Henric Johnson 43
IDEA
Diffusion: Provided by a multiplication/addition structure (MA). >Takes two inputs: (1) Two 16 bit values derived from plaintext. (2) Two 16 bit subkeys derived from the key. >Produces two 16 bit outputs.
Henric Johnson 44
IDEA
Diffusion:.. >Each output bit depends on every input bit and on every bit of the subkeys. //meaning lot of diffusion.//
>This structure is repeated 8 times in the encryption algorithm. //provides very effective diffusion.//
Henric Johnson 45
IDEA
Encryption Algorithm: //draw fig. 4.4.// >Consists of eight rounds. >64 bit input is divided into four 16-bit subblocks. >Each round uses six 16-bit keys. >Each round produces four 16-bit outputs. >Output of a round is fed into the next round.
Henric Johnson 46
IDEA
Details of a Single Round: //draw fig. 4.5// >Four input sub-blocks are combined with four subkeys producing 4 output sub-blocks. >Four output sub-blocks are combined using XOR operation to from two 16 bit blocks. >These two blocks are fed into the MA structure. >MA structure takes & produces two 16-bit outputs. >Four outputs of upper transformation are combined with the two outputs of MA structure to produce four output blocks for this round.
Henric Johnson 47
Blowfish
Encryption: Uses two primitive operations: 1. Addition: performed modulo 2^32. 2. Bitwise Exclusive-OR. > These two operations do not commute. >Making cryptanalysis difficult.
Henric Johnson 49
Blowfish
Encryption Algorithm: //draw Fig. 4.9a// -Plaintext is divided into two 32 bit halves. -Go through 16 rounds of transformation using subkeys. -Each rounds takes two 32 bit inputs and produces two 32 outputs. -Output of a round is fed into the next round. -The output of 16th round is exclusive-ORed with 17th and 18th subkeys to produce the ciphertext.
Henric Johnson 50
Blowfish
Details of a Single Round: //draw Fig. 4.10// - Each round includes complex use of addition modulo 2^32, Ex-OR, and substitution using SBoxes. - 32 bit input to the function F is divided into four bytes. -Each byte goes through a separate S-box and is expanded into 32 bits. -32 bit outputs go through complex transformation using addition modulo 2^32 and Ex-OR.
Henric Johnson 51
RC5 Suitable for hardware and software Fast, simple Adaptable to processors of different word lengths Variable number of rounds Variable-length key Low memory requirement High security Data-dependent rotations (circular bit shifts) Cast-128 Key size from 40 to 128 bits The round function differs from round to round
Henric Johnson 52
End-to-end encryption
High Security: Both link and end-to-end encryption are needed (see Figure 2.9)
Henric Johnson
53
Henric Johnson
54
Key Distribution
1. A key could be selected by A and physically delivered to B. 2. A third party could select the key and physically deliver it to A and B. 3. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. 4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B. Henric Johnson 55
Permanent key:
Used between entities for the purpose of distributing session keys
Henric Johnson
56
Henric Johnson
57
Recommended Reading
Stallings, W. Cryptography and
1999 Scneier, B. Applied Cryptography, New York: Wiley, 1996 Mel, H.X. Baker, D. Cryptography Decrypted. Addison Wesley, 2001
Henric Johnson
58