Академический Документы
Профессиональный Документы
Культура Документы
3
Review
– Cryptography : cryptology, crypt-analyst
– Attacks to cryptosystem
4
Block Ciphers vs Stream Ciphers
• Block ciphers
– DES and AES…
– For each block, perform multiple rounds of
confusion and diffusion operations
• Stream ciphers
– Vernam,…
– Bit by bit operations (RC4 & RC5)
5
DES Vs AES
6
DES
© Yingjiu Li 2007 8
Security Concerns
56 bit key is too short
– Can be broken on average in 2^55 ≈3.6*10^16
trials
– Moore’s law: speed of processor doubles per 1.5
yr
– 1997: 3500 machines broke DES in about 4
months
– 1998: 1M dollar machine broke DES in about 4
days
9
Multiple DESes
• Two-Key DES
Data
K1 E E C
K2
– Total key size is 56x2=112 bits; but the effective key size is only 57 bits
only!
• Triple DES (3DES)
Data
E D E C
K1 K2 K1
10
Evolution of
AES
11
AES - Evolution
• DES cracked, Triple-DES slow: what next?
• 1997 NIST call – 21 proposals submitted
• 1998 NIST, 15 out of 21 accepted (I-Level)
• 1999 NIST, 5 out of 15 (II-Level)
– Final five
• Rijndael (Joan Daemen and Vincent Rijment),
• Serpent(Ross Anderson),
• Twofish(Bruce Schneier),
• RC6(Don Rivest, Lisa Yin),
• MARS (Don Coppersmith, IBM)
• 2000 Rijndael won
• 2001 NIST announced the draft of FIPS (FIPS 197) as
AES & 2002 Rijndael became AES
12
13
AES vs DES
DES AES
Date 1976 1999
Block size 64 128
Key length 56 128, 192, 256
Number of rounds 16 Initial Round + (9,11,13)
Encryption primitives Substitution, permutation Substitution, shift, bit mixing
Cryptographic primitives Confusion, diffusion Confusion, diffusion
Design Open Open
Design rationale Closed Open
Selection process Secret Secret, but accept open
public comment
Source IBM, enhanced by National Independent cryptographers
Security Agency (NSA)
14
Advanced Encryption Standard (AES)
- Criteria
- Rounds
- Data Units
- Structure of Each Round
7.15
AES Criteria
1. Security
2. Cost
3. Implementation.
7.16
Processing of
AES
17
AES Rounds
Note
7.19
AES Data Units
Data units used in AES
7.20
AES Data Units …Continued
7.21
AES Data Units - Example
Example - 1
Plain Text: AES uses a Matrix
7.22
Structure of Each Round
Structure of each round at the encryption site
7.23
TRANSFORMATIONS
SubBytes
The first transformation, SubBytes, is used at the
encryption site. To substitute a byte, we interpret the byte
as two hexadecimal digits.
Note
SubBytes transformation
7.26
Substitution …Continued
7.27
Substitution …Continued
7.28
Substitution …Continued
InvSubBytes
7.29
Substitution …Continued
InvSubBytes (Continued)
7.30
Substitution …Continued
Example - 2
7.31
Substitution …Continued
Note
7.32
Substitution …Continued
SubBytes and InvSubBytes processes
7.33
Substitution …Continued
Example - 3
7.34
Substitution …Continued
7.35
Permutation
ShiftRows transformation
7.36
Permutation …Continued
InvShiftRows
In the decryption, the transformation is called
InvShiftRows and the shifting is to the right.
7.37
Permutation …Continued
Example - 4
7.38
Mixing
7.39
Mixing …Continued
7.40
Mixing …Continued
MixColumns
The MixColumns transformation operates at the column
level; it transforms each column of the state to a new
column.
MixColumns transformation
7.41
Mixing …Continued
InvMixColumns
The InvMixColumns transformation is basically the same
as the MixColumns transformation.
Note
7.42
Mixing …Continued
7.43
Mixing …Continued
Example - 5
7.44
Key Adding
AddRoundKey
AddRoundKey proceeds one column at a time.
AddRoundKey adds a round key word with each state
column matrix; the operation in AddRoundKey is matrix
addition.
Note
7.45
Key Adding …Continued
AddRoundKey transformation
7.46
KEY EXPANSION
7.47
Key Expansion …Continued
7.48
Key Expansion in AES-128
Key expansion in AES
7.49
Process - Key Expansion in AES-128
50
Key Expansion in AES-128
7.51
Key Expansion in AES-128
7.52
Key Expansion in AES-128
7.53
Key Expansion in AES-128
Example - 6
Table shows how the keys for each round are calculated assuming
that the 128-bit cipher key agreed upon by Alice and Bob is
(24 75 A2 B3 34 75 56 88 31 E2 12 00 13 AA 54 87)16.
7.54
Key Expansion in AES-128
Example - 7
Each round key in AES depends on the previous round key. The
dependency, however, is nonlinear because of SubWord
transformation. The addition of the round constants also
guarantees that each round key will be different from the
previous one.
Example - 8
The two sets of round keys can be created from two cipher keys
that are different only in one bit.
7.55
Key Expansion in AES-128
Example - 8 Continue
7.56
Key Expansion in AES-128
Example - 9
The words in the pre-round and the first round are all the same.
In the second round, the first word matches with the third; the
second word matches with the fourth. However, after the second
round the pattern disappears; every word is different.
7.57
Key Expansion in AES-192 and AES-256
7.58
Key-Expansion Analysis
The key-expansion mechanism in AES has been
designed to provide several features that thwart the
cryptanalyst.
7.59
Design of
AES
60
AES – Encryption & Decryption
7.61
AES Encryption and Decryption - Original Design
Ciphers and inverse ciphers of the original design
7.62
AES Original Design …Continued
Algorithm
The code for the AES-128 version of this design is shown
7.63
AES - Alternative Design
7.64
AES - Alternative Design …Continued
7.65
AES - Alternative Design …Continued
Cipher and reverse cipher in alternate design
7.66
AES - Alternative Design …Continued
7.67
Examples of
AES
68
AES Examples
Example - 10
The following shows the ciphertext block created from a
plaintext block using a randomly selected cipher key.
7.69
AES Examples … Continued
Example - 10 Continued
7.70
AES Examples … Continued
Example - 10 Continued
7.71
AES Examples … Continued
Example - 10 Continued
7.72
AES Examples … Continued
Example - 11
Figure shows the state entries in one round, round 7, in
Example-10.
7.73
AES Examples … Continued
Example - 12
One may be curious to see the result of encryption when the
plaintext is made of all 0s. Using the cipher key in Example 7.10
yields the ciphertext.
7.74
AES Examples … Continued
Example - 13
7.75
AES Examples … Continued
Example - 14
The following shows the effect of using a cipher key in which all
bits are 0s.
7.76
Analysis of
AES
77
ANALYSIS OF AES
7.78
AES Security Analysis
7.80
AES Simplicity and Cost
7.81
Multiple Blocks
82
Four Modes of Block Ciphers
• How are multiple blocks processed?
– ECB: Electronic Code Book
– CBC: Cipher Block Chaining
– CFB: Cipher Feedback
– OFB: Output Feedback
83
Electronic codebook (ECB) mode
K
Enc
P1 P2 P3
C1 C2 C3
K
Dec
C1 C2 C3
P1 P2 P3
84
Cipher-block Chaining (CBC) Mode
K
Enc
P1 IV P2 C1 P3 C2
C1 C2 C3
K
Dec
C1 C2 C3
P1 IV P2 C1 P3 C2
IV C1 C2
P1 P2 P3
ECB vs CBC
• Which mode would you choose?