Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David - - PowerPoint PPT Presentation


Computer Security Course. Dawn Song. Crypto: Symmetric-Key Cryptography. Slides credit: Dan Boneh, David Wagner, Doug Tygar. Overview: Cryptography: secure communication over insecure communication channels. Three goals


SLIDE 1

Dawn

Crypto: Symmetric-Key Cryptography

Computer Security Course. Dawn Song

Slides credit: Dan Boneh, David Wagner, Doug Tygar

SLIDE 2

Overview

  • Cryptography: secure communication over insecure communication channels
  • Three goals

– Confidentiality
– Integrity
– Authenticity

SLIDE 3

Brief History of Crypto

  • 2,000 years ago

– Caesar Cypher: shifting each letter forward by a fixed amount
– Encode and decode by hand

  • During World War I/II

– Mechanical era: a mechanical device for encrypting messages

  • After World War II

– Modern cryptography: rely on mathematics and electronic computers

SLIDE 4

Modern Cryptography

  • Symmetric-key cryptography

– The same secret key is used by both endpoints of a communication

  • Public-key cryptography

– Two endpoints use different keys

SLIDE 5

Attacks to Cryptography

  • Ciphertext only

– Adversary has E(m1), E(m2), …

  • Known plaintext

– Adversary has E(m1)&m1, E(m2)&m2, …

  • Chosen plaintext

– Adversary picks m1, m2, … (potentially adaptively)
– Adversary sees E(m1), E(m2), …

  • Chosen ciphertext

– Adversary picks E(m1), E(m2), … (potentially adaptively)
– Adversary sees m1, m2, …

SLIDE 6

One-time Pad

  • K: random n-bit key
  • P: n-bit message (plaintext)
  • C: n-bit ciphertext
  • Encryption: C = P xor K
  • Decryption: P = C xor K
  • A key can only be used once
  • Impractical!

SLIDE 7

Block Cipher

  • Encrypt/Decrypt messages in fixed size blocks using the same secret key

– k-bit secret key
– n-bit plaintext/ciphertext

[Figure: E, D with a k-bit key; n-bit plaintext block, n-bit ciphertext block]

SLIDE 8

Feistel cipher

Encryption

Start with (L_0, R_0)
L_{i+1} = R_i
R_{i+1} = L_i xor F(R_i, K_i)

Decryption

Start with (R_{n+1}, L_{n+1})
R_i = L_{i+1}
L_i = R_{i+1} xor F(L_{i+1}, K_i)

[Figure: Feistel rounds, with halves labelled L_1 R_1, L_i R_i, R_n L_n, R_{n+1-i} L_{n+1-i}]

SLIDE 9

DES - Data Encryption Standard (1977)

  • Feistel cipher
  • Works on 64 bit block with 56 bit keys
  • Developed by IBM (Lucifer), improved by NSA
  • Brute force attack feasible in 1997

SLIDE 10

AES – Advanced Encryption Standard (1997)

  • Rijndael cipher

– Joan Daemen & Vincent Rijmen

  • Block size 128 bits
  • Key can be 128, 192, or 256 bits

SLIDE 11

Abstract Block Ciphers: PRPs and PRFs

PRF: F: K × X → Y such that: exists “efficient” algorithm to eval. F(k,x)

PRP: E: K × X → X such that:

  • 1. Exists “efficient” algorithm to eval. E(k,x)
  • 2. The func E( k, ⋅ ) is one-to-one
  • 3. Exists “efficient” algorithm for inverse D(k,x)

A block cipher is a PRP

SLIDE 12

Secure PRF and Secure PRP

  • A PRF F: K × X → Y is secure if F(k, ⋅ ) is indistinguishable from a random func. f: X → Y
  • A PRP E: K × X → X is secure if E(k, ⋅ ) is indisting. from a random perm. π: X → X

[Figure: k ← K, f ← Funs[X,Y]; query x ∈ X, answer f(x) or F(k,x): which one? (???)]

SLIDE 13

Modes of Operation

  • Block ciphers encrypt fixed size blocks

– e.g. DES encrypts 64-bit blocks with 56-bit key

  • Need to en/decrypt arbitrary amounts of data
  • NIST SP 800-38A defines 5 modes
  • Block and stream modes
  • Cover a wide variety of applications
  • Can be used with any block cipher

SLIDE 14

Electronic Code Book (ECB)

  • Message is broken into independent blocks which are encrypted
  • Each block is a value which is substituted, like a codebook
  • Each block is encoded independently of the other blocks

SLIDE 15
SLIDE 16
SLIDE 17

Advantages and Limitations of ECB

  • Message repetitions may show in ciphertext

– If aligned with message block
– Particularly with data such as graphics
– Or with messages that change very little

  • Encrypted message blocks independent
  • Not recommended
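
Added example (not from the original slides): a toy Feistel cipher that follows the round equations on the Feistel slide, run in ECB mode to show the repetition leak listed above. The HMAC-SHA256 round function, the SHA-256 key schedule, the 8 rounds, the 16-byte block, all function names and the sample message are assumptions made for illustration; this is not DES.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16          # bytes per block (assumed); each Feistel half is 8 bytes
HALF = BLOCK // 2

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def F(half, round_key):
    # Round function F(R_i, K_i): never inverted, so any keyed function works.
    return hmac.new(round_key, half, hashlib.sha256).digest()[:HALF]

def round_keys(key, rounds=8):
    # Constructed key schedule (assumption): K_i = SHA-256(key || i).
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]

def encrypt_block(block, keys):
    L, R = block[:HALF], block[HALF:]
    for k in keys:                    # L_{i+1} = R_i, R_{i+1} = L_i xor F(R_i, K_i)
        L, R = R, xor(L, F(R, k))
    return L + R

def decrypt_block(block, keys):
    L, R = block[:HALF], block[HALF:]
    for k in reversed(keys):          # R_i = L_{i+1}, L_i = R_{i+1} xor F(L_{i+1}, K_i)
        L, R = xor(R, F(L, k)), L
    return L + R

def ecb(msg, keys, block_fn=encrypt_block):
    # ECB: every block is processed independently under the same key.
    if len(msg) % BLOCK:
        raise ValueError("message must be a multiple of the block size")
    return b"".join(block_fn(msg[i:i + BLOCK], keys) for i in range(0, len(msg), BLOCK))

def repeated_blocks(data):
    # Number of blocks whose value occurs more than once: the ECB tell-tale.
    counts = Counter(data[i:i + BLOCK] for i in range(0, len(data), BLOCK))
    return sum(c for c in counts.values() if c > 1)

if __name__ == "__main__":
    keys = round_keys(b"constructed demo key")
    # Constructed plaintext: blocks 0, 1 and 3 are identical.
    msg = b"AMOUNT=00000100;" * 2 + b"PAYEE=ALICE;REF1" + b"AMOUNT=00000100;"
    ct = ecb(msg, keys)
    assert ecb(ct, keys, decrypt_block) == msg
    print("repeated ciphertext blocks:", repeated_blocks(ct))
```

Running `repeated_blocks` over a captured ciphertext is also a quick way to spot ECB in a system under review: a non-zero count on structured data is a strong hint.
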

SLIDE 18

SLIDE 19

SLIDE 20

SLIDE 21

Cipher Block Chaining (CBC)

SLIDE 22

SLIDE 23

SLIDE 24

Advantages and Limitations of CBC

  • Ciphertext block depends on all blocks before it
  • Change to a block affects all following blocks
  • Need Initialization Vector (IV)

– Random numbers
– Must be known to sender & receiver

SLIDE 25

SLIDE 26

SLIDE 27

Stream Modes of Operation

  • Block modes encrypt entire block
  • May need to operate on smaller units

– Real time data

  • Convert block cipher into stream cipher

– Counter (CTR) mode

  • Use block cipher as PRNG (Pseudo Random Number Generator)

SLIDE 28

Counter (CTR)

  • Encrypts counter value
  • Need a different key & counter value for every plaintext block

– O_i = E_K(IV + i)
– C_i = P_i xor O_i

  • Uses: high-speed network encryption

SLIDE 29

Counter (CTR)

Counter mode with a random IV: (parallel encryption)

[Figure: m[0], m[1], …, m[L] are combined with Ek(IV), Ek(IV+1), …, Ek(IV+L) to give c[0], c[1], …, c[L]; the ciphertext is IV followed by c[0] … c[L]]

SLIDE 30

Advantages and Limitations of CTR

  • Efficiency

– Can do parallel encryptions in h/w or s/w
– Can preprocess in advance of need
– Good for bursty high speed links

  • Random access to encrypted data blocks
  • Must ensure never reuse key/counter values, otherwise could break
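
Added example, not part of the original slides: CTR as written on the Counter (CTR) slide, showing random access to a single block, what leaks when a key/counter pair is reused, and a range check a sender can run to prevent that reuse. E here is HMAC-SHA256 standing in for the block cipher, and all names, IV values and sample plaintexts are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per counter block (assumed)

def E(key, counter):
    # Stand-in for E_K (assumption): HMAC-SHA256 truncated to one block.
    # CTR only evaluates E_K forwards, so a PRF is enough for this demo.
    ctr_bytes = (counter % 2 ** (8 * BLOCK)).to_bytes(BLOCK, "big")
    return hmac.new(key, ctr_bytes, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key, iv, data, first_block=0):
    # O_i = E_K(IV + i); C_i = P_i xor O_i. The same call decrypts.
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        o_i = E(key, iv + first_block + off // BLOCK)
        out += xor(data[off:off + BLOCK], o_i)   # zip() trims a short last block
    return bytes(out)

def read_block(key, iv, ciphertext, i):
    # Random access: block i needs only IV + i, no earlier ciphertext.
    return ctr_crypt(key, iv, ciphertext[i * BLOCK:(i + 1) * BLOCK], first_block=i)

def counters_overlap(iv_a, blocks_a, iv_b, blocks_b):
    # Check before sending under one key: do the two counter ranges intersect?
    # (Ignores wrap-around at 2^128 for brevity.)
    return iv_a < iv_b + blocks_b and iv_b < iv_a + blocks_a

if __name__ == "__main__":
    key = b"constructed demo key"
    p1 = b"balance=00001200;owner=alice;..."   # constructed, 32 bytes
    p2 = b"balance=00990000;owner=bob;....."   # constructed, 32 bytes
    c1, c2 = ctr_crypt(key, 1000, p1), ctr_crypt(key, 1000, p2)   # same key AND IV
    # Keystream cancels: C1 xor C2 == P1 xor P2, with no key involved.
    assert xor(c1, c2) == xor(p1, p2)
    assert read_block(key, 1000, c1, 1) == p1[BLOCK:]
    assert counters_overlap(1000, 2, 1001, 2) and not counters_overlap(1000, 2, 1002, 2)
```
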