Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

Like this presentation? Why not share!

14,269 views

13,945 views

13,945 views

Published on

No Downloads

Total views

14,269

On SlideShare

0

From Embeds

0

Number of Embeds

7

Shares

0

Downloads

601

Comments

0

Likes

10

No embeds

No notes for slide

- 1. Cipher TechniquesApril 9, 2013 1
- 2. Road Map Basic Terminology Cryptosystem Classical Cryptography Algorithm Types and Modes Data Encryption Standard Other Stream & Block CiphersApril 9, 2013 2
- 3. Basic Terminology plaintext - the original message ciphertext - the coded message cipher - algorithm for transforming plaintext to ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from plaintext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing key cryptology - the field of both cryptography and cryptanalysisApril 9, 2013 3
- 4. Cryptosystem A cryptosystem is a five-tuple (P,C,K,E,D), where the following are satisfied: 1. P is a finite set of possible plaintexts. 2. C is a finite set of possible ciphertexts. 3. K, the key space, is a finite set of possible keys 4. ∀K∈K, ∃EK∈E (encryption rule), ∃DK∈D (decryption rule). Each EK: P→C and DK: C→P are functions such that ∀x∈P, DK(EK(x)) = x.April 9, 2013 4
- 5. Cryptography Cryptography Symmetric / private key / single key Asymmetric / public-key / two - keyApril 9, 2013 5
- 6. Symmetric CryptographyApril 9, 2013 6
- 7. Asymmetric CryptographyApril 9, 2013 7
- 8. Requirements Two requirements for secure use of symmetric encryption: a strong encryption algorithm a secret key known only to sender / receiver Y = EK(X) X = DK(Y) assume encryption algorithm is known implies a secure channel to distribute keyApril 9, 2013 8
- 9. Symmetric cryptography Transposition Techniques Substitution techniques Caesar Cipher Monoalphabetic Cipher Polyalphabethic Cipher Playfair CipherApril 9, 2013 9
- 10. Types of Cryptanalytic Attacks adversary needs strongest attack ciphertext only only know algorithm / ciphertext, statistical, can identify plaintext, or worse: the key known plaintext know/suspect plaintext & ciphertext to attack cipher chosen plaintext select plaintext and obtain ciphertext to attack cipher chosen ciphertext select ciphertext and obtain plaintext to attackadversary’s attacks cipher can be weaker chosen text April 9, 2013 select either plaintext or ciphertext to en/decrypt 10 to
- 11. Brute Force Search always possible to simply try every key most basic attack, proportional to size of key space assume either know / recognise plaintextApril 9, 2013 11
- 12. Transposition Ciphers Consider classical transposition or permutation ciphers these hide the message by rearranging the letter order without altering the actual letters used can recognise these since have the same frequency distribution as the original textApril 9, 2013 12
- 13. Rail Fence cipher writemessage letters out diagonally over a number of rows then read off cipher row by row eg. write message out as: m e m a t r h t g p r y e t e f e t e o a a t giving ciphertext MEMATRHTGPRYETEFETEOAATApril 9, 2013 13
- 14. Row Transposition Ciphersa more complex scheme write letters of message out in rows over a specified number of columns then reorder the columns according to some key before reading off the rows Key: 4 3 1 2 5 6 7 Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y z Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZApril 9, 2013 14
- 15. Classical Substitution Ciphers where letters of plaintext are replaced by other letters or by numbers or symbols or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patternsApril 9, 2013 15
- 16. Caesar Cipher earliest known substitution cipher by Julius Caesar first attested use in military affairs replaces each letter by 3rd letter after it example: meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWBApril 9, 2013 16
- 17. Caesar Cipher can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C mathematically give each letter a number a b c d e f g h i j k l m 0 1 2 3 4 5 6 7 8 9 10 11 12 n o p q r s t u v w x y Z 13 14 15 16 17 18 19 20 21 22 23 24 25 then have Caesar cipher as: C = E(p) = (p + k) mod (26) p = D(C) = (C – k) mod (26)April 9, 2013 17
- 18. Monoalphabetic Cipher rather than just shifting the alphabet could shuffle (jumble) the letters arbitrarily each plaintext letter maps to a different random ciphertext letter hence key is 26 letters long Plain: abcdefghijklmnopqrstuvwxyz Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN Plaintext: ifwewishtoreplaceletters Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYAApril 9, 2013 18
- 19. Playfair Cipher not even the large number of keys in a monoalphabetic cipher provides security one approach to improving security was to encrypt multiple letters the Playfair Cipher is an example invented by Charles Wheatstone in 1854, but named after his friend Baron PlayfairApril 9, 2013 19
- 20. Playfair Key Matrix a 5X5 matrix of letters based on a keyword (I and J aren’t distinguished) fill in letters of keyword (sans duplicates) fill rest of matrix with other letters eg. using the keyword MONARCHY MONAR CHYBD EFGIK LPQST UVWXZApril 9, 2013 20
- 21. Encrypting and Decrypting plaintext encrypted two letters at a time: 1. each letter is replaced by the one in its row in the column of the other letter of the pair, eg. “hs" encrypts to "BP", and “ea" to "IM" or "JM" (as desired). Except when that doesn’t work! 2. if a pair is a repeated letter, insert a filler like X, eg. "balloon" transformed to "ba lx lo on" 3. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. “ar" encrypts as "RM" 4. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. “mu" encrypts to "CM"April 9, 2013 21
- 22. Polyalphabetic Ciphers another approach to improving security is to use multiple cipher alphabets called polyalphabetic substitution ciphers makes cryptanalysis harder with more alphabets to guess and flatter frequency distribution use a key to select which alphabet is used for each letter of the message use each alphabet in turn repeat from start after end of key is reachedApril 9, 2013 22
- 23. Vigenère Cipher simplest polyalphabetic substitution cipher is the Vigenère Cipher effectively multiple caesar ciphers key is multiple letters long K = k1 k2 ... kd ith letter specifies ith alphabet to use use each alphabet in turn repeat from start after d letters in message decryption simply works in reverseApril 9, 2013 23
- 24. Example write the plaintext out write the keyword repeated above it use each key letter as a caesar cipher key encrypt the corresponding plaintext letter eg using keyword deceptive key: deceptivedeceptivedeceptive plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJApril 9, 2013 24
- 25. Autokey Cipher ideally want a key as long as the message Vigenère proposed the autokey cipher with keyword is prefixed to message as key knowing keyword can recover the first few letters use these in turn on the rest of the message but still have frequency characteristics to attack eg. given key deceptive key: deceptivewearediscoveredsav plaintext: wearediscoveredsaveyourself ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLAApril 9, 2013 25
- 26. One-Time Pad ifa truly random key as long as the message is used, the cipher will be secure called a One-Time pad is unbreakable since ciphertext bears no statistical relationship to the plaintext since for any plaintext & any ciphertext there exists a key mapping one to other unconditional security! why look any further??April 9, 2013 26
- 27. Product Ciphers ciphers using substitutions or transpositions are not secure because of language characteristics hence consider using several ciphers in succession to make harder (Shannon) two substitutions make a more complex substitution two transpositions make more complex transposition but a substitution followed by a transposition makes a new much harder cipher this is bridge from classical to modern ciphersApril 9, 2013 27
- 28. Rotor Machines before modern ciphers, rotor machines were most common product cipher were widely used in WW2 German Enigma, Allied Hagelin, Japanese Purple implemented a very complex, varying substitution cipher used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted with 3 cylinders have 263=17576 alphabets 3! rearrangements of cylinders in EnigmaApril 9, 2013 28
- 29. Steganography an alternative to encryption hides existence of message using only a subset of letters/words in a longer message marked in some way using invisible ink hiding in LSB in graphic image or sound file has drawbacks high overhead to hide relatively few info bitsApril 9, 2013 29
- 30. Algorithm Types and Modes An Algorithm type defines what size of plain text should be encrypted in each step of algorithm An Algorithm mode defines the details of the cryptographic algorithm, once the type is decided.April 9, 2013 30
- 31. Algorithm Types Stream Ciphers Block CiphersAlgorithm Modes ElectronicCode Book Work On Block Cipher Cipher Block Chaining Cipher FeedBack Work On Block Ciphers acting as Output FeedBack Stream CipherApril 9, 2013 31
- 32. Stream, Block Ciphers E encipherment function Ek(b) encipherment of message b with key k In what follows, m = b1b2 …, each bi of fixed length Block cipher Ek(m) = Ek(b1)Ek(b2) … Stream cipher k = k1k2 … Ek(m) = Ek1(b1)Ek2(b2) … If k1k2 … repeats itself, cipher is periodic and the kength of its period is one cycle of k1k2 …April 9, 2013 32
- 33. Stream Ciphers Often (try to) implement one-time pad by xor’ing each bit of key with one bit of message Example: m = 00101 k = 10010 c = 10111 But how to generate a good key?April 9, 2013 33
- 34. Synchronous Stream Ciphers n-stage Linear Feedback Shift Register: consists of n bit register r = r0…rn–1 n bit tap sequence t = t0…tn–1 Use: Use rn–1 as key bit Compute x = r0t0 ⊕ … ⊕ rn–1tn–1 Shift r one bit to right, dropping rn–1, x becomes r0April 9, 2013 34
- 35. Operation … r0 … rn–1 ⊕ bi … ci r0´ … rn–1´ ri´ = ri–1, 0<i≤n r0t0 + … + rn–1tn–1April 9, 2013 35
- 36. Example 4-stage LFSR; t = 1001 r ki new bit computation new r 0010 0 01⊕00⊕10⊕01 = 0 0001 0001 1 01⊕00⊕00⊕11 = 1 1000 1000 0 11⊕00⊕00⊕01 = 1 1100 1100 0 11⊕10⊕00⊕01 = 1 1110 1110 0 11⊕10⊕10⊕01 = 1 1111 1111 1 11⊕10⊕10⊕11 = 0 0111 0111 1 11⊕10⊕10⊕11 = 1 1011 Key sequence has period of 15 (010001111010110)April 9, 2013 36
- 37. NLFSR n-stage Non-Linear Feedback Shift Register: consists of n bit register r = r0…rn–1 Use: Use rn–1 as key bit Compute x = f(r0, …, rn–1); f is any function Shift r one bit to right, dropping rn–1, x becomes r0 Note same operation as LFSR but more general bit replacement functionApril 9, 2013 37
- 38. Example 4-stage NLFSR; f(r0, r1, r2, r3) = (r0 & r2) | r3 r ki new bit computation new r 1100 0 (1 & 0) | 0 = 0 0110 0110 0 (0 & 1) | 0 = 0 0011 0011 1 (0 & 1) | 1 = 1 1001 1001 1 (1 & 0) | 1 = 1 1100 1100 0 (1 & 0) | 0 = 0 0110 0110April 9, 2013 0 (0 & 1) | 0 = 0 38 0011
- 39. Self-Synchronous StreamCipher Takekey from message itself (autokey) Example: Vigenère, key drawn from plaintext key XTHEBOYHASTHEBA plaintext THEBOYHASTHEBAG ciphertext QALFPNFHSLALFCT Problem: Statistical regularities in plaintext show in key Once you get any part of the message, you can decipher moreApril 9, 2013 39
- 40. Another Example Take key from ciphertext (autokey) Example: Vigenère, key drawn from ciphertext key XQXBCQOVVNGNRTT plaintext THEBOYHASTHEBAG ciphertext QXBCQOVVNGNRTTM Problem: Attacker gets key along with ciphertext, so deciphering is trivialApril 9, 2013 40
- 41. Block Cipher Block Cipher – treat a block of plaintext as a whole Feistel Cipher DES/3DES/AES Stream coding – encrypt one bit or byte at a time April 9, 2013 41
- 42. Block Ciphers Encipher, decipher multiple bits at once Each block enciphered independently Problem: identical plaintext blocks produce identical ciphertext blocks Example: two database records MEMBER: HOLLY INCOME $100,000 MEMBER: HEIDI INCOME $100,000 Encipherment: ABCQZRME GHQMRSIB CTXUVYSS RMGRPFQN ABCQZRME ORMPABRZ CTXUVYSS RMGRPFQNApril 9, 2013 42
- 43. Solutions Insert information about block’s position into the plaintext block, then encipher Cipher block chaining: Exclusive-or current plaintext block with previous ciphertext block: c0 = Ek(m0 ⊕ I) ci = Ek(mi ⊕ ci–1) for i > 0 where I is the initialization vectorApril 9, 2013 43
- 44. Algorithm Modes ElectronicCode Book Work On Block Cipher Cipher Block Chaining Cipher FeedBack Work On Block Ciphers acting as Output FeedBack Stream CipherApril 9, 2013 44
- 45. ECB (Electronic CodeBook) Mode Encryption: for 1≤j≤t, cj <= EK(xj). Decryption: for 1≤j≤t, xj <= DK(cj). Identical plaintext (under the same key) result in identical ciphertext blocks are enciphered independently of other blocks bit errors in a single ciphertext affect decipherment of that block onlyApril 9, 2013 45
- 46. ECB Mode (Cont’d) xj n key E E-1 key n x’j = xj cj encipherment deciphermentApril 9, 2013 46
- 47. CBC (Cipher-Block Chaining) Mode C0=IV Cj C j-1 n key xj ⊕ E-1 ⊕ C j-1 key E Cj<Encipherment> n X’j = xj <Decipherment> April 9, 2013 47
- 48. CBC Mode (Cont’d) Encryption: c0 ← IV, cj ← EK(cj−1⊕ xj) Decryption: c0 ← IV, xj ← cj−1 ⊕ E−1K(cj) chaining causes ciphertext cj to depend on all preceding plaintext a single bit error in cj affects decipherment of blocks cj and cj+1 self-synchronizing: error cj (not cj+1, cj+2) is correctly decrypted to xj+2.April 9, 2013 48
- 49. CFB-r(Cipher FeedBack) Mode r-bit Shift r-bit Shift I1=IV key E key E leftmost r bits Oj leftmost r bits Oj xj ci ci xj Encipherment DeciphermentApril 9, 2013 49
- 50. OFB(Output FeedBack) Modewith full(or r-bit) feedback Ij r-bit Shift Ij r-bit Shift I1=IV key E key E Leftmost r-bits Oj Leftmost r-bits Oj xj cj cj xj Encipherment DecipheringApril 9, 2013 50
- 51. Data Encryption Standard The Data Encryption Standard (DES) specifies a FIPS approved cryptographic algorithm as required by FIPS 140-1.(Federal Information Processing Standards 140-1)April 9, 2013 51
- 52. April 9, 2013 52
- 53. Enciphering The 64 bits of the input block to be enciphered are first subjected to the following initial permutation IP:April 9, 2013 53
- 54. IP 58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7April 9, 2013 54
- 55. The permuted input block is then the input to a complex key-dependent computation. The output of that computation (preoutput) is then subjected to the next permutation which is the inverse of the initial permutation.April 9, 2013 55
- 56. IP-1 40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25April 9, 2013 56
- 57. Let K be a block of 48 bits chosen from the 64-bit (how? explained next). Then the output LR of an iteration with input LR is defined by: L = R R = L (+) f (R,K) LR is the output of the 16th iteration then RL is the preoutput block.April 9, 2013 57
- 58. One round of DESApril 9, 2013 58
- 59. April 9, 2013 59
- 60. PC-1 (Key Permutation) 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 60 52 44 36 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4April 9, 2013 60
- 61. Iteration corresponds to left shifts: 1 2 3 4 5 6 7 8 1 1 2 2 2 2 2 2 9 10 11 12 13 14 15 16 1 2 2 2 2 2 2 1April 9, 2013 61
- 62. PC-2 (Compression Permutation) 14 17 11 24 1 5 3 28 15 6 21 10 23 19 12 4 26 8 16 7 27 20 13 2 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32April 9, 2013 62
- 63. One round of DESApril 9, 2013 63
- 64. The Cipher Function f : A sketch of the calculation of f (R, K) is given byApril 9, 2013 64
- 65. Expansion Permutation 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 111213 14 15 16April 9, 2013 65
- 66. E bit-selection table 32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1April 9, 2013 66
- 67. One round of DESApril 9, 2013 67
- 68. S 1 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7 O 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0 15 12 8 2 4 9 1 7 5 11 3 14 10 O 6 13 S 2 15 1 8 14 6 11 3 4 9 7 2 13 12 O 5 10 3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5 0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15 13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9April 9, 2013 68
- 69. S 3 10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8 13 7 O 9 3 4 6 10 2 8 5 14 12 11 15 1 13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7 1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12 S 4 7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15 13 8 11 5 6 15 O 3 4 7 2 12 1 10 14 9 10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4 3 15 O 6 10 1 13 8 9 4 5 11 12 7 2 14April 9, 2013 69
- 70. S 5 2 12 4 1 7 10 11 6 8 5 3 15 13 O 14 9 14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6 4 2 1 11 10 13 7 8 15 9 12 5 6 3 O 14 11 8 12 7 1 14 2 13 6 15 O 9 10 4 5 3 S 6 12 1 10 15 9 2 6 8 O 13 3 4 14 7 5 11 10 15 4 2 7 12 9 5 6 1 13 14 O 11 3 8 9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6 4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13April 9, 2013 70
- 71. S 7 4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1 13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6 1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2 6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12 S 8 13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7 1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2 7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8 2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11April 9, 2013 71
- 72. S1 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 150 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 71 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 82 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 03 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13 For example, for input 011011 the row is 01, that is row 1, and the column is determined by 1101, that is column 13. In row 1 column 13 appears 5 so that the output is 0101.April 9, 2013 72
- 73. One round of DESApril 9, 2013 73
- 74. The permutation function P yields a 32- bit output from a 32-bit input by permuting the bits of the input block P 16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25April 9, 2013 74
- 75. Primitive functions for the data encryption algorithm The choice of the primitive functions KS, S1, ..., S8 and P is critical to the strength of an encipherment resulting from the algorithm The recommended set of functions are described as S1, ..., S8 and P in the algorithm.April 9, 2013 75
- 76. Deciphering The permutation IP-1 applied to the preoutput block is the inverse of the initial permutation IP applied to the input. R = L L = R (+) f (L, K)April 9, 2013 76
- 77. Other Stream Ciphers RC4 Variable key size stream cipher Proprietary for 7 years (1987 - 1994) In 1994 source code was posted to mailing list Works in OFB Encryption is 10 times faster than DES SEAL (Software-optimized Encryption ALgorithm) length-increasing pseudorandom function which maps a 32-bit sequence number n to an L-bit keystream under control of a 160-bit secret key a In the preprocessing stage, the key is stretched into larger tables using the table-generation function Ga (based on SHA-1) Subsequent to this preprocessing, keystream generation requires about 5 machine instructions per byte order of magnitude faster than DESApril 9, 2013 77
- 78. Other Block Ciphers FEAL Fast N-round block cipher Suffers a lot of attacks, and hence introduce new attacks on block ciphers Japan standard IDEA 64-64-128-8 James Massey Using algebraic functions (mult mod 2n+1, add mod 2n) SAFER, RC-5, AESApril 9, 2013 78
- 79. Thank You reachable at naasir_k@donboscoit.ac.inApril 9, 2013 79

No public clipboards found for this slide

×
### Save the most important slides with Clipping

Clipping is a handy way to collect and organize the most important slides from a presentation. You can keep your great finds in clipboards organized around topics.

Be the first to comment