RC4, cont.
RC4 uses an arrangement of the numbers 0 to 255 (8 bits each) in an array S which changes over time. S is a self-modifying lookup table. It consists of two processes: A Key-based initializatio
One Round of DES
DES Last Word (Almost)
An initial permutation is applied to the plaintext before round one and its inverse is applied after the final round. Halves are swapped after last
Security of DES
Security of DES depends a lot on S-boxes. Everything else in DES is linear. Thirty years of intense analysis has revealed no back door. Attacks today use exhaustive key search. Conclusions
Breaking DES
In June 1997 a DES encrypted challenge message, sponsored by RSA Data Security Inc., was broken using a distributed brute force attack involving 10,000 computers - the key was recovered in
Deep Crack
The machine, shown here running, tests over 90 billion keys per second, taking an average of less than 5 days to discover a DES key
Pictures from http:/www.cryptography.com/resources/whitep
Triple DES
Today, 56 bit DES key is too small. But DES is everywhere: What to do? Triple DES or 3DES (112 bit key):
C = E(D(E(P,K1),K2),K1)
P = D(E(D(C,K1),K2),K1)
Why use Encrypt-Decrypt-Encrypt (EDE)
Advanced Encryption Standard
Since DES was becoming less reliable as new cryptanalysis techniques were developed, the National Institute of Standards and Technology (NIST) put out a notice in early 19
Initial Step
The process begins by grouping the plaintext bits into a column array by bytes.
The first four bytes form the first column; the second four bytes form the second column, and so on. If the
DES Subkey - Shifting
For rounds i = 1, 2, ..., 16:
Let LK = (LK circular shift left by r_i)
Let RK = (RK circular shift left by r_i)
r_i is 1 for rounds 1, 2, 9 and 16, and in all other rounds r_i is 2
RC4 Keystream Generation
After the initialization phase, each keystream byte is generated by swapping table elements and selecting a byte according to the following algorithm
i = (i + 1) mod 256 j = (j + S
Block Ciphers
An iterated block cipher splits the plaintext into fixed sized blocks and generates fixed sized blocks of ciphertext. The ciphertext is obtained from the plaintext by iterating a functio
Stream Ciphers
Stream ciphers were big in the past. Efficient in hardware. Speed needed to keep up with voice, etc. Today, processors are fast, so software-based crypto is fast enough. Future of stream c
Feistel Cipher
To decrypt run the process backward. For i = n, n-1, ..., 1, the decryption rule is
R_{i-1} = L_i
L_{i-1} = R_i ⊕ F(R_{i-1}, K_i)
The final result is the original plaintext:
P = (L0, R0)
Any round
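The decryption rule above, run against a toy Feistel network. This is an added example, not code from the original slides: the hash-based round function F, the 32-bit half size and the subkey values are assumptions chosen for illustration, and the encryption rule used is the standard Feistel round L_i = R_{i-1}, R_i = L_{i-1} ⊕ F(R_{i-1}, K_i). It shows that F does not have to be invertible and that the subkeys must be applied in reverse order.

```python
# Added example: toy Feistel network (NOT DES, not for real use).
import hashlib


def F(right: int, subkey: bytes) -> int:
    """Hypothetical round function: a truncated hash, so it is not invertible."""
    digest = hashlib.sha256(subkey + right.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def encrypt(block, subkeys):
    """Rounds i = 1..n: L_i = R_{i-1}, R_i = L_{i-1} xor F(R_{i-1}, K_i)."""
    L, R = block
    for K in subkeys:
        L, R = R, L ^ F(R, K)
    return L, R


def decrypt(block, subkeys):
    """Rounds i = n..1: R_{i-1} = L_i, L_{i-1} = R_i xor F(R_{i-1}, K_i)."""
    L, R = block
    for K in reversed(subkeys):
        # R_{i-1} is just L_i, so F can be recomputed without inverting it.
        L, R = R ^ F(L, K), L
    return L, R


def demo():
    # Constructed sample plaintext halves (L0, R0) and four subkeys.
    plaintext = (0x01234567, 0x89ABCDEF)
    subkeys = [b"k1", b"k2", b"k3", b"k4"]
    ciphertext = encrypt(plaintext, subkeys)
    recovered = decrypt(ciphertext, subkeys)
    # decrypt() reverses the list itself, so passing it pre-reversed applies
    # the subkeys in encryption order, which does not undo the rounds.
    wrong_order = decrypt(ciphertext, subkeys[::-1])
    return plaintext, ciphertext, recovered, wrong_order


if __name__ == "__main__":
    pt, ct, rec, wrong = demo()
    print("ciphertext :", [hex(h) for h in ct])
    print("recovered  :", [hex(h) for h in rec])
    print("wrong order:", [hex(h) for h in wrong])
```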
DES Numerology
DES is a Feistel cipher
64 bit block length
56 bit key length
16 rounds
48 bits of key used each round (subkey)
Each round is simple (for a block cipher). Security depends primarily on S
One Round of DES
Each stage of DES performs the same set of operations using a different subkey acting on the output of the previous stage. Those operations are defined in three processes: Expansio
Key schedule generates subkey
Each of the 16 stages uses a 48 bit subkey which is derived from the initial 64 bit key. The 56 bits are divided into left (LK) and right halves (RK). Each half is shifte
AES S-box
[Table: AES S-box lookup, indexed by the first 4 bits of input and the last 4 bits of input]
AES ShiftRow
A row shift operation is applied to the output of the S-box in which the four rows of the column array are cyclically shif
AES MixColumn
Column mixing is accomplished by a matrix multiplication operation. The shifted column array is multiplied by a fixed matrix. Nonlinear, invertible operation
AES MixColumn
The
AES AddRoundKey
The final operation adds a subkey derived from the original key to the column array. This completes one round of AES. RoundKey (subkey) determined by key schedule algorithm
R
Symmetric Key Crypto
Stream cipher: like a one-time pad. Key is relatively short. Key is stretched into a long keystream. Keystream is then used like a one-time pad. Employ confusion only. Block cipher base
Stream Ciphers
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A stream cipher takes a key K of length n bits and stretches it into a long keystream (stream c
Stream Ciphers, cont.
To decrypt ciphertext C, the same keystream S is again used: p0 = c0 ⊕ s0, p1 = c1 ⊕ s1, p2 = c2 ⊕ s2, ...
Stream Ciphers, cont.
We'll discuss two examples of stream ciphe
Shift Register
A shift register is a hardware device which:
shifts bits
saves bits
For example, a 4-bit shift register looks like:
[Figure: 4-bit shift register, showing the input, shift, save and output steps]
One st
A5/1, cont.
When register X steps, the following occur
t = x_13 ⊕ x_16 ⊕ x_17 ⊕ x_18
x_i = x_{i-1} for i = 18, 17, 16, ..., 1
x_0 = t
This can be illustrated as
[Figure: register X, bits x0, x1, ..., x18]
A5/1, cont.
Let us define the majority vote function as follows. Given three bits x, y and z:
maj(x, y, z) = 0 if the majority of x, y, and z are 0
maj(x, y, z) = 1 otherwise
For example: maj(0,1,0) = 0 and maj(1,1,0) =
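The register X step and the majority function above, combined into the full A5/1 keystream loop. This is an added example, not code from the original slides: the slides shown here only give register X, so the Y and Z register sizes and taps, the clocking bits (x8, y10, z10) and the output bit (x18 ⊕ y21 ⊕ z22) are taken from the published A5/1 design, and the starting register fills are constructed. It shows the irregular clocking: a register steps only when its clocking bit agrees with the majority.

```python
# Added example: A5/1 keystream generation from given register fills.
X_TAPS = (13, 16, 17, 18)      # from the slide: t = x13 ^ x16 ^ x17 ^ x18
Y_TAPS = (20, 21)              # assumption: published A5/1 design (22-bit Y)
Z_TAPS = (7, 20, 21, 22)       # assumption: published A5/1 design (23-bit Z)


def maj(x, y, z):
    """Majority vote of three bits."""
    return 1 if x + y + z >= 2 else 0


def step(reg, taps):
    """One register step: t = xor of taps; x_i = x_{i-1}; x_0 = t."""
    t = 0
    for i in taps:
        t ^= reg[i]
    return [t] + reg[:-1]


def keystream(X, Y, Z, n):
    """Return n keystream bits and the final (X, Y, Z) register contents."""
    X, Y, Z = list(X), list(Y), list(Z)
    assert (len(X), len(Y), len(Z)) == (19, 22, 23)
    out = []
    for _ in range(n):
        m = maj(X[8], Y[10], Z[10])
        # Each register steps only if its clocking bit matches the majority,
        # so at least two of the three step on every cycle.
        if X[8] == m:
            X = step(X, X_TAPS)
        if Y[10] == m:
            Y = step(Y, Y_TAPS)
        if Z[10] == m:
            Z = step(Z, Z_TAPS)
        out.append(X[18] ^ Y[21] ^ Z[22])
    return out, (X, Y, Z)


if __name__ == "__main__":
    # Constructed fills: X and Y all ones, Z all zeros, so Z loses every vote.
    bits, (X, Y, Z) = keystream([1] * 19, [1] * 22, [0] * 23, 8)
    print("keystream:", bits)
    print("X after 8 cycles:", X)
    print("Z stepped?", Z != [0] * 23)
```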
Shift Register Crypto
Shift register-based crypto is efficient in hardware. Harder to implement in software. In the past, very popular. Today, more is done in software due to faster processors. Shift regi