SlideShare a Scribd company logo

Next generation block ciphers

Roman Oliynykov
Roman Oliynykov

Slides of my lecture on block ciphers providing high level security. Lecture was given at Finse Winter School in Information Security (Norway), on May 2014.

Internet
1 of 86
Download to read offline
1 Next Generation of Block Ciphers Providing High- Level Security Roman Oliynykov Associated Professor at Information Technologies Security Department Kharkov National University of Radioelectronics Head of Scientific Research Department JSC “Institute of Information Technologies” Ukraine Visiting professor at Samsung Advanced Technology Training Institute Korea ROliynykov@gmail.com May 7th, 2014
2 Outline Block cipher basics, overview of their application Requirements to block ciphers and their construction principles Basics of cryptanalysis: differential, linear, etc. Advanced Encryption Standard: construction, advantages and disadvantages Directions of block ciphers further development: lightweight and high-level security Newly developed block ciphers providing high level security: solutions from the USA, Russia, Belorussia and Ukraine Construction and properties of perspective cipher for Ukraine, speed comparison Beyond block cipher security: can encryption be broken if we use high-level strength cipher?
3 About myself (I) I’m from Ukraine (Eastern part of Europe), host country of Euro2012 football championship I live in Kharkov (the second largest city in the country, population is 1.5 million people), Eastern Ukraine (near Russia), former capital of the Soviet Ukraine (1918-1934) three Nobel prize winners worked at Kharkov National University
4 About myself (II) Associated professor at Information Technologies Security Department at Kharkov National University of Radioelectronics courses on computer networks and operation system security, special mathematics for cryptographic applications Head of Scientific Research Department at JSC “Institute of Information Technologies” Scientific interests: symmetric cryptographic primitives synthesis and cryptanalysis Visiting professor at Samsung Advanced Technology Training Institute courses on computer networks and operation system security, software security, effective application and implementation of symmetric cryptography
5 Block ciphers one of the most popular cryptographic transformations most widely used cryptographic algorithms for providing confidentiality in commercial systems symmetric key cryptographic transformation very often used as main construction element for hash functions, pseudo random number generators (PRNG), etc.
6 Block cipher encryption: electronic codebook mode (ECB) NB: ECB mode is only used as basic block for more complex transformations
7 Block cipher Encryption Decryption Main property for practical implementation The same key is used for encryption and decryption (opposite to RSA and other public key crypto)
8 Applications of block ciphers: encryption (confidentiality) network connections: SSL/TLS protocols (AES, Camellia, Triple DES, etc. in CBC or GCM modes) network traffic: IPsec protocol suite (AES, Camellia, Triple DES, GOST 28147-89 etc. in CBC, CTR or GCM modes) storage protection (AES in XTS mode) etc.
9 Applications of block ciphers: integrity verification, that the message was not modified/forged during transmission via untrusted channel (Internet, wireless networks, etc.): CMAC (Cipher-based Message Authentication Code) GMAC (Galois Message Authentication Code), GCM (Galois/Counter Mode)
10 Applications of block ciphers: elements of other primitives Hash function constructions: Miyaguchi–Preneel Davies–Meyer Matyas–Meyer–Oseas
11 Applications of block ciphers: a permutation in sponge construction hash function (Keccak/SHA-3) message authentication code stream cipher authenticated encryption
12 Ideal block cipher model block cipher as a random permutation (fixed key gives one permutation) number of random permutations: (2n)!, where n is block size in bits practical implementation is impossible: requires 264·8 = 267 bytes just for simple 64-block encryption using the single key real block cipher only takes 2k from (2n)!, where k is key length
13 Block cipher: requirements and construction principles must behave like a random substitution (hiding all redundancy of plaintext) truly random substitution of corresponding size is quite ineffective in implementation iterative structure: sequential application of different weak ciphers gives a strong one each plaintext bit and each key bit must have influence on each ciphertext bit linear and non-linear operations must be used (Shannon’s confusion and diffusion) only small tables and simple operations (repeating many times) may be used to archive effective implementation
14 Practical implementation: iterated block ciphers Repeating weak round function many times. Main constructions of block ciphers: Feistel network SPN structure Lai-Massey scheme
15 Block cipher round function Linear and non-linear layers for providing complex input/output dependency; One or few rounds can be easily broken, but enough will give a strong cipher Can be implemented: S-boxes followed by linear transformations sequence of addition, rotation and XOR (ARX-ciphers) mix of above variants Example: Camellia block cipher round function
16 Avalanche effect for block ciphers and hash functions changing one input bit (plaintext or key) leads to changing approximately half output bits (ciphertext) at random positions non-linear blocks (S-boxes) give complex dependency between S-box input bits (diffusion) linear blocks (bit permutation, linear bit transformations, including MDS matrix multiplication) gives “difference spreading” to the rest of S-boxes multiple rounds (product cipher) allow to get complex non-linear dependencies of all output bits on all plaintext and key bits avalanche property is very important for strength to different cryptanalysis methods
17 Practical (computational) security: wide spread block ciphers and their characteristics
18 Legacy block cipher: Data Encryption Standard (DES) 64 bit block, 56 bit key 16-round Feistel network linear key schedule (master key bit permutation) based on IBM solution: Lucifer NSA improvement: decreased key length and improved strength to different cryptanalytic attacks, published later
19 Legacy block cipher: DES round function bit expansion E (32 bit -> 48 bit) round key addition (XOR) S-boxes (substitution tables, 6 bit -> 4 bit) bit permutation P
20 DES S-boxes … … … … … … … … … … … … … … … …
21 DES key schedule 56 bit of the encryption key are transformed into 16 round keys of 48 bit each cyclic shifts and bit permutation of encryption key are only used each round key is just a selected and permuted bits of encryption key
22 Data Encryption Standard: advantages and disadvantages the first publically available worldwide spread cipher with practically acceptable strength level no effective attacks exploiting internal properties completely breaking cipher strength were found (cf.: FEAL) improved version (TDEA or TripleDES with 168 bit key is allowed to be used by NIST together with AES) DES can be practically broken with brute-force attacks or using precomputed tables due to 56-bit key slow in software (comparing to AES, etc.) not effective as a lightweight solution
23 How ciphers are broken: examples of basic cryptanalysis methods brute force attacks precomputed tables (Hellman, rainbow, etc.) differential cryptanalysis and modifications impossible differentials truncated differentials rectangle attack boomerang attack linear cryptanalysis and modifications algebraic analysis etc.
24 Differential cryptanalysis very widely applied method of cryptanalysis for block ciphers, hash functions, etc. learns how the difference propagates via cryptographic transformations chosen plaintext attack (for most cases) the first method for successful analytical attack against DES (estimated complexity 247) the first publication in open literature appeared in 1990 (IBM researches say they discovered it in 1974 and optimized DES against it, and NSA already knew about DC then) many other attacks are based on differential cryptanalysis some ciphers successfully had been practically broken (e.g., FEAL) with DC
25 Basics of differential cryptanalysis Difference Linear function Difference and round key addition Non-linear function
26 Difference distribution table of DES S-box (S1)
27 Non-linear transformation (S-box) non-zero difference can be formed by limited (not all) input and output values:
28 Differential cryptanalysis: the last round of encryption
29 Differential cryptanalysis: transformations in the last round function ∆X, ∆Y are known => only several variants of X (not all) are possible R, R’ are known (equal to right halves of ciphertext) Possible key bits values: K = R ⊕ X
30 Differential characteristics: obtaining necessary differences on the last round
31 Differential characteristics probabilities: one round calculation NB: random independent round keys (hypothesis stochastic equivalence)
32 Attack complexity and strength to differential cryptanalysis Probability of differential characteristic determines the required number of chosen plaintext encryptions (mathematical expectation) Complexity of the attack (classic approach) depends on maximal probability of difference transformation on S- box(es) number of active S-boxes used in differential characteristic Cryptographic primitive is resistant do differential cryptanalysis, if the complexity of the attack is higher than the brute force search
33 Complexity of DES differential cryptanalysis
34 Linear cryptanalysis very widely applied method of cryptanalysis for block ciphers, hash functions, etc. learns how the non-linear cryptographic transformation can be approximated with linear/affine equations known (not chosen) plaintext attack (for most cases) the first practically implemented method for successful analytical attack against DES (with complexity 243) first publication in open literature appeared in 1992 (against FEAL cipher, then applied to DES)
35 S-box: non-linear element and its approximation table
36 Linear approximation of several rounds involving: linear approximations of S-boxes plaintext and ciphertext bits round keys bits
37 Attack complexity and strength to linear cryptanalysis The required number of plaintext encryptions is determined by the probability that linear approximation (linear hull) holds Complexity of the attack (classic approach) depends on maximal bias of linear approximation on S-box(es) number of active S-boxes used in linear approximation for the whole cipher Cryptographic primitive is resistant to linear cryptanalysis, if the complexity of the attack is higher than the brute force search
38 Algebraic cryptanalysis follows Claude Shannon idea (published 1949) “breaking a good cipher should require as much work as solving a system of simultaneous equations in a large number of unknowns of a complex type” known plaintext attack (usually) requires small amount of plaintext-ciphertext pairs (near to unicity distance) usually crypto transformation is described with overdefined system of a small (2-3) degree several ciphers were successfully broken with algebraic attacks methods of solving multivariate overdefined systems are being improved
39 Advanced Encryption Standard (AES) 128 bits block and 128, 192 or 256 bits key developed in Belgium, selected from 15 candidates (proposal from the US, Denmark, Germany, Israel, Japan, Switzerland, Armenia, etc.) during 4 year public cryptographic competition held by US National Institute of Standards (NIST) adopted as the US standard in 2001 In 2002 allowed for protection of classified US government information the most researched cipher ever (in open publications) NSA cannot break even AES-128 and employs thousands of mathematician for this task (according to Ed.Snowden files) contemporary assumption: strong (practically unbreakable) encryption
40 Advanced Encryption Standard (AES) transparent design SPN construction (Substitution Permutation Network) 10, 12 or 14 rounds for AES-128, AES-192 and AES-256 correspondingly quite effective in software (32-bit platforms), good for hardware implementation (not taking into account lightweight solutions)
41 AES: presentation of processing bytes as a “cipher state”
42 AES: high-level structure (picture for 128 bit key)
43 AES: SubBytes transformation
44 AES: ShiftRows transformation
45 AES: MixColumns transformation
46 AES: AddRoundKey transformation
47 AES round key generation (key expansion) NB: not all key length (128, 192, 256) must be supported; for many applications it’s enough to have the single key length
48 AES round key generation: RotWord
49 AES round key generation: SubBytes
50 AES round key generation: round constant application NB: without Rcon there would be equal blocks in ciphertext if plaintext and keys have equal blocks (1, 2 or 4 bytes repeats in plaintext and key)
51 AES round key sequence
52 AES effective software implementation: 32-bit platform three different operations can be united into the single (!) look-up table access: SubBytes (non-linear) ShiftRows (linear) MixColumns (linear) cipher consists of look-up table accesses and round key additions
53 AES recommendation symmetric encryption on general purpose platform (32 bit, 64 bit) for commercial systems: AES as the main cipher is a good solution recommended mode for confidentiality is CTR (if you don’t use well researched authenticated encryption) the longer the key, the slower cipher is (20% slower for 192 bits and 40% slower for 256 bits comparing to 128 bit key speed) for very reliable systems implement AES-256 and an additional cipher (e.g., Camellia, Serpent, etc.) remember about implementation integrity check for plaintext or ciphertext together with encryption
54 Advanced Encryption Standard Advantages one of the most spread commercial and open source solutions all over the world high level of practical security effective in software many hardware accelerators, including Intel processors AES instructions Disadvantages theoretical attacks more effective than brute force are known 32-bit oriented (condition of the AES competition), does not take all advantages of the 64-bit platform
55 Further development of block ciphers: the first direction Lightweight constrained devices: RFID chips, embedded medical devices, etc. (number of gates, available memory, power consumption and so on) acceptable strength level (cipher cannot be broken in the near future by small group of hackers) not intended to be strong against powerful adversary keeping theoretical strength for tens of years
56 Further development of block ciphers: the second direction Governmental-level (high and ultrahigh) security must be cryptographically strong must have enough security margin to be protected (with high level of confidence) of newly discovered attacks not intended for highly constrained devices (used on servers, routers, PC, etc.) must provide fast encryption
57 Newly developed block ciphers providing high level security Threefish (USA) STB 34.101.31-2011 (Belorussia) Kuznechik (Russia) Kalyna (Ukraine)
58 Threefish block cipher a main part of Skein hash function (supports very big block sizes) ARX-cipher (addition, rotation, XOR) simple round function, many rounds
59 Threefish-512: 4 rounds of the 72
60 Threefish round key generation
61 Threefish encryption performance Very fast software implementation: 4 Gb/s on Intel Core 2 Duo x64 or 6.1 clocks per byte for encryption
62 Belorussian standard STB 34.101.31-2011 (Bel-T) 128 bit block 128, 192 or 256 bit key 8-round combination of Feistel network and Lai-Massey scheme Single fixed S-box (8 bit-to-8 bit) with good properties no key schedule (parts of encryption key are used as round keys; key shorter than 256 bits is just padded) The latest version adopted in 2011
63 Belorussian standard STB 34.101.31-2011 (Bel-T) S S S S <<< k Gk :
64 The new Russian cipher: “Kuznechik” (“Grasshopper”) well-researched AES-like construction (S-boxes, ShiftRows, MixColumns) 10 rounds of encryption MixColumns: a big (16x16) MDS matrix over GF(28) generated by special method; cf.: AES has the 4x4 MDS matrix key schedule: Feistel network with constants as its round keys; each round gives a round key for the main cipher high level of security slower in software comparing to other modern block ciphers not adopted and officially published (only discussed on several conferences in Russia): final version of S-boxes and MDS matrix are not disclosed to public yet
65 Requirements to the new perspective cipher for Ukraine block size and key length: 128, 256 and 512 bits (high and ultrahigh security level) strength against known methods of cryptanalysis security margin against future improved attacks transparent design effective high-speed software implementation on the 64-bit platform estimated time: at least 30 years (in condition of quantum cryptanalysis impossibility)
66 Perspective block cipher “Kalyna” SPN-construction (AES-like) increased size of linear transformation matrix several S-boxes generated with respect to differential, linear and algebraic properties quite new construction of key schedule, simple in implementation
67 “Kalyna” encryption function ( ) 0 1 1 1 K N i K KK r i rN Kalyna χγπθσ γπθχ ooooo oooo ∏ − = + = K0 SubBytes ShiftRows MixColumns KiNr -1 times KNr SubBytes ShiftRows MixColumns
68 “Kalyna”: number of rounds 18––512 (Nb = 8) 1814–256 (Nb = 4) –1410128 (Nb = 2) 512 (Nk = 8) 256 (Nk = 4) 128 (Nk = 2) Key length Block size
69 S-boxes for “Kalyna” 4 different S-boxes (which are not CCZ-equivalent) with the following characteristics: 3 (441 equations)Overdefined system degree 24Max. value of linear bias 8Max. value of difference distribution table 7Minimal algebraic degree of component Boolean functions 104Nonlinearity AES S-box: overdefined system degree: 2, nonlinearity: 112, dd: 4 The best known nonlinearity of S-boxes with 3rd degree: Сrypton, Safer+, Skipjack, SNOW, Twofish, Whirlpool, СS, Anubis, Stribog
70 Number of active S-boxes depending on required 64-bit processor instructions for 4x4 and 8x8 MDS matrix over GF(28) for 128 bit (left) and 256 bit (right) block 0 20 40 60 80 100 120 32 64 96 128 Required instructions NumberofactiveS-boxes МДР64 МДР32 45 90 135 180 25 50 75 100 0 20 40 60 80 100 120 140 160 180 200 64 128 192 256 Required instructions NumberofactiveS-boxes МДР64 МДР32 Increased size of MDS matrix gives essential advantages for required cryptographic properties, and has effective implementation on modern platforms
71 “Kalyna” encryption function design principles well known wide trail design strategy (strength to differential, linear cryptanalysis, etc.) combined with modular pre- and post-whitening clear construction, no trapdoors new set of S-boxes (without essential algebraic structure) 64-bit platform operations (mod 264 addition, 8x8 MDS matrix) direct transformation (encryption) is more often used than reverse (decryption) effective software implementation developed for and most effective on 64-bit platforms
72 Optimization for direct transformation (encryption) block cipher based hashing does not need decryption block cipher based pseudorandom number generation does not need decryption sponge construction does not need block cipher decryption most block cipher modes of operation (CTR, OFB, CFB, CCM, GCM, etc.) do not need block cipher decryption:
73 Number of precomputed tables: AES (4 tables) 2 tables for encryption 2 tables for decryption Kalyna (4 tables) 1 table for encryption 3 tables for decryption More effective implementation for CTR, OFB, CFB, CCM, GCM hashing, PRNG
74 Requirements to “Kalyna” key schedule non-linear dependence of every round key bit on every encryption key bit round key independence high computational complexity of encryption key recovery even having all round keys strength to all known cryptanalytic attacks on key schedule absence of weak key worsen cryptographic properties implementation simplicity (application of round transformation only) partial protection from side-channel attacks
75 “Kalyna” key schedule K SubBytes ShiftRows MixColumns K K SubBytes ShiftRows MixColumns Nb+Nk+1(const) SubBytes ShiftRows MixColumns Kt Kt+tmvi SubBytes ShiftRows MixColumns SubBytes ShiftRows MixColumns K k2i Kt+tmvi Kt+tmvi )32(212 +⋅<<<=+ bii Nkk tmv0=0x01000100…0100 tmvi+2= tmvi << 1 All operations (excluding rotation and shifting which can be effectively implemented by memory access processor instructions) are taken from the encrypt function
76 “Kalyna” key schedule properties correspondence to requirements all operations are taken from encryption function round keys can be generated in order to encryption and decryption with the same computational complexity effective countermeasure against round transformation symmetry minimal number of constants, their clearness key agility is less than 2.5 (key schedule takes time less than 2.5 encryption of one block) non-bijective round keys dependency on encryption key
77 Non-bijective round key dependence implemented in Twofish (AES competition finalist; key agility > 10) Blowfish (widely used in public cryptographic libraries; key agility > 10) Fox (block cipher developed in Switzerland; key agility > 5) key schedule works as PRNG with cryptographic properties no estimation was published in open literature { } { }( )rKKKKP ,...,,## 10≥
78 Percentage of unique round keys for “Kalyna” 0.999978512512 0.981684512256 0.999665256256 0.981684256128 0.997521128128 Part of unique round keysKey lengthBlock size Advantages: good cryptographic properties additional protection from different attacks, including side-channel high computational complexity of encryption key recovery even having all round keys Disadvantage: less than 2% of encryption keys might have equivalent keys (highly pseudorandom dependence of equivalent keys, if there are any)
79 “Kalyna” (block size 128 bits, 10 rounds) strength to cryptanalytic attacks 212043Boomerang 23Interpolation 26626256Impos. diff. 233+429756Integral 4Trunc. diff. 252,835Linear negligible25545Differential MemoryEncryptionsMax. rnds Attack characteristicsMin. rounds for prevention Type of the attack Similar results (enough security margin) are also obtained for 256 and 512-bit block
80 “Kalyna” output sequences NIST STS statistical testing Even round keys generation CTR encryption
81 Comparison of required operations for one byte processing GOST 28147-89: 72 operations/byte (32-bit memory accesses, modulo 232 additions, XORs, ANDs, shifts) AES-128: 45.375 operations/byte (32-bit memory accesses, XORs, ANDs, shifts) STB (Bel-T): 40.5 operations/byte (32-bit memory accesses, modulo 232 additions and subtractions, XORs, ANDs, shifts) Kalyna_128/128: 40.375 operations/byte (64-bit memory accesses, modulo 264 additions, XORs, ANDs, shifts)
82 Encryption performance (Windows/Visual C++) 0 200 400 600 800 1000 1200 1400 1600 Mbits / s Block cipher / encryption performance (Mbits / s ) Intel Core i5 x64 / Windows Server 2008 R2 x64 / Visual C++ 2008 Ряд1 1538,31 1098,17 1256,23 977,61 995,72 1483,26 1095,19 376,3 609,18 K2- 128/128 K2- 128/256 K2- 256/256 K2- 256/512 K2- 512/512 AES- 128 AES- 256 GOST 28147 STB
83 Encryption performance (Linux/gcc) 0 200 400 600 800 1000 1200 1400 1600 1800 2000 Mbits / s Block cipher / encryption performance (Mbits / s) Core 2 Duo E8500 / Linux (64 bit) /gcc Ряд1 1828,57 1291,72 1219,05 948,148 948,148 1667,95 1254,01 492,31 753,5 K2- 128/128 K2- 128/256 K2- 256/256 K2- 256/512 K2- 512/512 AES- 128 AES- 256 GOST 28147 STB
84 Advantages of “Kalyna” block cipher has high and ultrahigh level of cryptographic security based on verified constructions and clear solutions fast on modern 64-bit processors compact software implementation perspective for application in common cryptographic systems, Internet and banking security, cloud computing security, etc.
85 Trends in block cipher development refusing of S-box algebraic structure (reverse element in the finite field, etc.) increasing size of MDS matrix families of ciphers: different block sizes and key lengths combinations of XOR and modular addition application of round function transformation for round key generation
86 Beyond block cipher security mode of operation security BEAST attack (CBC mode) implementation security CRIME/BREACH attacks heartbleed bug in OpenSSL timing attacks: cache misses side-channel attacks software vulnerabilities (buffer and heap overflows, etc.) high-level protocol security (e.g.: encryption key generation) we need to use highly secure block ciphers, but should also pay a lot of attention to security of the whole system

Recommended

DES
DESDES
DESNaga Srimanyu Timmaraju
 
Data encryption standard
Data encryption standardData encryption standard
Data encryption standardVasuki Ramasamy
 
Cryptography and Network Lecture Notes
Cryptography and Network Lecture NotesCryptography and Network Lecture Notes
Cryptography and Network Lecture NotesFellowBuddy.com
 
A Brief History of Cryptography
A Brief History of CryptographyA Brief History of Cryptography
A Brief History of Cryptographyguest9006ab
 
Ch03
Ch03Ch03
Ch03Joe Christensen
 
Cryptography
CryptographyCryptography
CryptographyDarshini Parikh
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 

Recommended

DES
DESDES
DESNaga Srimanyu Timmaraju
 
Data encryption standard
Data encryption standardData encryption standard
Data encryption standardVasuki Ramasamy
 
Cryptography and Network Lecture Notes
Cryptography and Network Lecture NotesCryptography and Network Lecture Notes
Cryptography and Network Lecture NotesFellowBuddy.com
 
A Brief History of Cryptography
A Brief History of CryptographyA Brief History of Cryptography
A Brief History of Cryptographyguest9006ab
 
Ch03
Ch03Ch03
Ch03Joe Christensen
 
Cryptography
CryptographyCryptography
CryptographyDarshini Parikh
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA AlgorithmSrinadh Muvva
 
cryptography
cryptographycryptography
cryptographyAbhijeet Singh
 
Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithmsAnamika Singh
 
Advanced encryption standard (aes)
Advanced encryption standard (aes)Advanced encryption standard (aes)
Advanced encryption standard (aes)farazvirk554
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptographyzahid-mian
 
Symmetric encryption
Symmetric encryptionSymmetric encryption
Symmetric encryptionDR RICHMOND ADEBIAYE
 
Cryptography and Network security # Lecture 4
Cryptography and Network security # Lecture 4Cryptography and Network security # Lecture 4
Cryptography and Network security # Lecture 4Kabul Education University
 
Block Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationBlock Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationVittorio Giovara
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DESchatsiri
 
One time Pad Encryption
One time Pad EncryptionOne time Pad Encryption
One time Pad EncryptionAbdullah Mubashar
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & CryptographyArun ACE
 
Cryptography in Blockchain
Cryptography in BlockchainCryptography in Blockchain
Cryptography in BlockchainEC-Council
 
Cryptography
CryptographyCryptography
CryptographyAnandKaGe
 
Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptographyPrabhat Goel
 
Partial Homomorphic Encryption
Partial Homomorphic EncryptionPartial Homomorphic Encryption
Partial Homomorphic Encryptionsecurityxploded
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption StandardPrince Rachit
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation harshit chavda
 
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Hardik Manocha
 
Hash Function
Hash Function Hash Function
Hash Function ssuserdfb2da
 
Network Security Lec4
Network Security Lec4Network Security Lec4
Network Security Lec4Federal Urdu University
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2Deepak John
 

More Related Content

What's hot

Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithmsAnamika Singh
 
Advanced encryption standard (aes)
Advanced encryption standard (aes)Advanced encryption standard (aes)
Advanced encryption standard (aes)farazvirk554
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptographyzahid-mian
 
Block Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationBlock Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationVittorio Giovara
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DESchatsiri
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & CryptographyArun ACE
 
Cryptography in Blockchain
Cryptography in BlockchainCryptography in Blockchain
Cryptography in BlockchainEC-Council
 
Cryptography
CryptographyCryptography
CryptographyAnandKaGe
 
Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptographyPrabhat Goel
 
Partial Homomorphic Encryption
Partial Homomorphic EncryptionPartial Homomorphic Encryption
Partial Homomorphic Encryptionsecurityxploded
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption StandardPrince Rachit
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation harshit chavda
 
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Hardik Manocha
 

What's hot (20)

RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
 
cryptography
cryptographycryptography
cryptography
 
Cryptographic algorithms
Cryptographic algorithmsCryptographic algorithms
Cryptographic algorithms
 
Advanced encryption standard (aes)
Advanced encryption standard (aes)Advanced encryption standard (aes)
Advanced encryption standard (aes)
 
6. cryptography
6. cryptography6. cryptography
6. cryptography
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptography
 
Symmetric encryption
Symmetric encryptionSymmetric encryption
Symmetric encryption
 
Cryptography and Network security # Lecture 4
Cryptography and Network security # Lecture 4Cryptography and Network security # Lecture 4
Cryptography and Network security # Lecture 4
 
Block Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationBlock Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For Authentication
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DES
 
One time Pad Encryption
One time Pad EncryptionOne time Pad Encryption
One time Pad Encryption
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & Cryptography
 
Cryptography in Blockchain
Cryptography in BlockchainCryptography in Blockchain
Cryptography in Blockchain
 
Cryptography
CryptographyCryptography
Cryptography
 
Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptography
 
Partial Homomorphic Encryption
Partial Homomorphic EncryptionPartial Homomorphic Encryption
Partial Homomorphic Encryption
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption Standard
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation
 
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)
 
Hash Function
Hash Function Hash Function
Hash Function
 

Similar to Next generation block ciphers

Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2Deepak John
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Mazin Alwaaly
 
Block Ciphers Modes of Operation
Block Ciphers Modes of OperationBlock Ciphers Modes of Operation
Block Ciphers Modes of OperationRoman Oliynykov
 
AES effecitve software implementation
AES effecitve software implementationAES effecitve software implementation
AES effecitve software implementationRoman Oliynykov
 
Block Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptxBlock Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptxHodaAhmedBekhitAhmed
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
 
Aes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportAes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportsakhi rehman
 
cryptography and network security chap 3
cryptography and network security chap 3cryptography and network security chap 3
cryptography and network security chap 3Debanjan Bhattacharya
 
Network security R.Rathna Deepa 2nd M.sc.,Computer Science
Network security R.Rathna Deepa 2nd M.sc.,Computer ScienceNetwork security R.Rathna Deepa 2nd M.sc.,Computer Science
Network security R.Rathna Deepa 2nd M.sc.,Computer ScienceRathnaDeepa1
 
1 Cryptography Introduction_shared.ppt
1 Cryptography Introduction_shared.ppt1 Cryptography Introduction_shared.ppt
1 Cryptography Introduction_shared.pptssuser0cd7c9
 

Similar to Next generation block ciphers (20)

Network Security Lec4
Network Security Lec4Network Security Lec4
Network Security Lec4
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...
 
Block Ciphers Modes of Operation
Block Ciphers Modes of OperationBlock Ciphers Modes of Operation
Block Ciphers Modes of Operation
 
AES effecitve software implementation
AES effecitve software implementationAES effecitve software implementation
AES effecitve software implementation
 
sheet7.pdf
sheet7.pdfsheet7.pdf
sheet7.pdf
 
paper7.pdf
paper7.pdfpaper7.pdf
paper7.pdf
 
lecture6.pdf
lecture6.pdflecture6.pdf
lecture6.pdf
 
doc7.pdf
doc7.pdfdoc7.pdf
doc7.pdf
 
DES.ppt
DES.pptDES.ppt
DES.ppt
 
Block Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptxBlock Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptx
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batch
 
Aes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportAes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_report
 
Aes
AesAes
Aes
 
cryptography and network security chap 3
cryptography and network security chap 3cryptography and network security chap 3
cryptography and network security chap 3
 
Cryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownCryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie Brown
 
Unit 2
Unit 2Unit 2
Unit 2
 
Network security R.Rathna Deepa 2nd M.sc.,Computer Science
Network security R.Rathna Deepa 2nd M.sc.,Computer ScienceNetwork security R.Rathna Deepa 2nd M.sc.,Computer Science
Network security R.Rathna Deepa 2nd M.sc.,Computer Science
 
1 Cryptography Introduction_shared.ppt
1 Cryptography Introduction_shared.ppt1 Cryptography Introduction_shared.ppt
1 Cryptography Introduction_shared.ppt
 
G04701051058
G04701051058G04701051058
G04701051058
 

More from Roman Oliynykov

Cryptocurrency with central bank regulations: the RSCoin framework
Cryptocurrency with central bank regulations: the RSCoin frameworkCryptocurrency with central bank regulations: the RSCoin framework
Cryptocurrency with central bank regulations: the RSCoin frameworkRoman Oliynykov
 
Buffer overflow and other software vulnerabilities: theory and practice of pr...
Buffer overflow and other software vulnerabilities: theory and practice of pr...Buffer overflow and other software vulnerabilities: theory and practice of pr...
Buffer overflow and other software vulnerabilities: theory and practice of pr...Roman Oliynykov
 
Kalyna block cipher presentation in English
Kalyna block cipher presentation in EnglishKalyna block cipher presentation in English
Kalyna block cipher presentation in EnglishRoman Oliynykov
 

More from Roman Oliynykov (7)

Cryptocurrency with central bank regulations: the RSCoin framework
Cryptocurrency with central bank regulations: the RSCoin frameworkCryptocurrency with central bank regulations: the RSCoin framework
Cryptocurrency with central bank regulations: the RSCoin framework
 
Buffer overflow and other software vulnerabilities: theory and practice of pr...
Buffer overflow and other software vulnerabilities: theory and practice of pr...Buffer overflow and other software vulnerabilities: theory and practice of pr...
Buffer overflow and other software vulnerabilities: theory and practice of pr...
 
Kalyna block cipher presentation in English
Kalyna block cipher presentation in EnglishKalyna block cipher presentation in English
Kalyna block cipher presentation in English
 
Software Security
Software SecuritySoftware Security
Software Security
 
Kupyna
KupynaKupyna
Kupyna
 
Kalyna
KalynaKalyna
Kalyna
 
Software security
Software securitySoftware security
Software security
 

Recently uploaded

Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 

Recently uploaded (20)

Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 

Next generation block ciphers

  • 1. 1 Next Generation of Block Ciphers Providing High- Level Security Roman Oliynykov Associated Professor at Information Technologies Security Department Kharkov National University of Radioelectronics Head of Scientific Research Department JSC “Institute of Information Technologies” Ukraine Visiting professor at Samsung Advanced Technology Training Institute Korea ROliynykov@gmail.com May 7th, 2014
  • 2. 2 Outline Block cipher basics, overview of their application Requirements to block ciphers and their construction principles Basics of cryptanalysis: differential, linear, etc. Advanced Encryption Standard: construction, advantages and disadvantages Directions of block ciphers further development: lightweight and high-level security Newly developed block ciphers providing high level security: solutions from the USA, Russia, Belorussia and Ukraine Construction and properties of perspective cipher for Ukraine, speed comparison Beyond block cipher security: can encryption be broken if we use high-level strength cipher?
  • 3. 3 About myself (I) I’m from Ukraine (Eastern part of Europe), host country of Euro2012 football championship I live in Kharkov (the second largest city in the country, population is 1.5 million people), Eastern Ukraine (near Russia), former capital of the Soviet Ukraine (1918-1934) three Nobel prize winners worked at Kharkov National University
  • 4. 4 About myself (II) Associated professor at Information Technologies Security Department at Kharkov National University of Radioelectronics courses on computer networks and operation system security, special mathematics for cryptographic applications Head of Scientific Research Department at JSC “Institute of Information Technologies” Scientific interests: symmetric cryptographic primitives synthesis and cryptanalysis Visiting professor at Samsung Advanced Technology Training Institute courses on computer networks and operation system security, software security, effective application and implementation of symmetric cryptography
  • 5. 5 Block ciphers one of the most popular cryptographic transformations most widely used cryptographic algorithms for providing confidentiality in commercial systems symmetric key cryptographic transformation very often used as main construction element for hash functions, pseudo random number generators (PRNG), etc.
  • 6. 6 Block cipher encryption: electronic codebook mode (ECB) NB: ECB mode is only used as basic block for more complex transformations
  • 7. 7 Block cipher Encryption Decryption Main property for practical implementation The same key is used for encryption and decryption (opposite to RSA and other public key crypto)
  • 8. 8 Applications of block ciphers: encryption (confidentiality) network connections: SSL/TLS protocols (AES, Camellia, Triple DES, etc. in CBC or GCM modes) network traffic: IPsec protocol suite (AES, Camellia, Triple DES, GOST 28147-89 etc. in CBC, CTR or GCM modes) storage protection (AES in XTS mode) etc.
  • 9. 9 Applications of block ciphers: integrity verification, that the message was not modified/forged during transmission via untrusted channel (Internet, wireless networks, etc.): CMAC (Cipher-based Message Authentication Code) GMAC (Galois Message Authentication Code), GCM (Galois/Counter Mode)
  • 10. 10 Applications of block ciphers: elements of other primitives Hash function constructions: Miyaguchi–Preneel Davies–Meyer Matyas–Meyer–Oseas
  • 11. 11 Applications of block ciphers: a permutation in sponge construction hash function (Keccak/SHA-3) message authentication code stream cipher authenticated encryption
  • 12. 12 Ideal block cipher model block cipher as a random permutation (fixed key gives one permutation) number of random permutations: (2n)!, where n is block size in bits practical implementation is impossible: requires 264·8 = 267 bytes just for simple 64-block encryption using the single key real block cipher only takes 2k from (2n)!, where k is key length
  • 13. 13 Block cipher: requirements and construction principles must behave like a random substitution (hiding all redundancy of plaintext) truly random substitution of corresponding size is quite ineffective in implementation iterative structure: sequential application of different weak ciphers gives a strong one each plaintext bit and each key bit must have influence on each ciphertext bit linear and non-linear operations must be used (Shannon’s confusion and diffusion) only small tables and simple operations (repeating many times) may be used to archive effective implementation
  • 14. 14 Practical implementation: iterated block ciphers Repeating weak round function many times. Main constructions of block ciphers: Feistel network SPN structure Lai-Massey scheme
  • 15. 15 Block cipher round function Linear and non-linear layers for providing complex input/output dependency; One or few rounds can be easily broken, but enough will give a strong cipher Can be implemented: S-boxes followed by linear transformations sequence of addition, rotation and XOR (ARX-ciphers) mix of above variants Example: Camellia block cipher round function
  • 16. 16 Avalanche effect for block ciphers and hash functions changing one input bit (plaintext or key) leads to changing approximately half output bits (ciphertext) at random positions non-linear blocks (S-boxes) give complex dependency between S-box input bits (diffusion) linear blocks (bit permutation, linear bit transformations, including MDS matrix multiplication) gives “difference spreading” to the rest of S-boxes multiple rounds (product cipher) allow to get complex non-linear dependencies of all output bits on all plaintext and key bits avalanche property is very important for strength to different cryptanalysis methods
  • 17. 17 Practical (computational) security: wide spread block ciphers and their characteristics
  • 18. 18 Legacy block cipher: Data Encryption Standard (DES) 64 bit block, 56 bit key 16-round Feistel network linear key schedule (master key bit permutation) based on IBM solution: Lucifer NSA improvement: decreased key length and improved strength to different cryptanalytic attacks, published later
  • 19. 19 Legacy block cipher: DES round function bit expansion E (32 bit -> 48 bit) round key addition (XOR) S-boxes (substitution tables, 6 bit -> 4 bit) bit permutation P
  • 20. 20 DES S-boxes … … … … … … … … … … … … … … … …
  • 21. 21 DES key schedule 56 bit of the encryption key are transformed into 16 round keys of 48 bit each cyclic shifts and bit permutation of encryption key are only used each round key is just a selected and permuted bits of encryption key
  • 22. 22 Data Encryption Standard: advantages and disadvantages the first publically available worldwide spread cipher with practically acceptable strength level no effective attacks exploiting internal properties completely breaking cipher strength were found (cf.: FEAL) improved version (TDEA or TripleDES with 168 bit key is allowed to be used by NIST together with AES) DES can be practically broken with brute-force attacks or using precomputed tables due to 56-bit key slow in software (comparing to AES, etc.) not effective as a lightweight solution
  • 23. 23 How ciphers are broken: examples of basic cryptanalysis methods brute force attacks precomputed tables (Hellman, rainbow, etc.) differential cryptanalysis and modifications impossible differentials truncated differentials rectangle attack boomerang attack linear cryptanalysis and modifications algebraic analysis etc.
  • 24. 24 Differential cryptanalysis very widely applied method of cryptanalysis for block ciphers, hash functions, etc. learns how the difference propagates via cryptographic transformations chosen plaintext attack (for most cases) the first method for successful analytical attack against DES (estimated complexity 247) the first publication in open literature appeared in 1990 (IBM researches say they discovered it in 1974 and optimized DES against it, and NSA already knew about DC then) many other attacks are based on differential cryptanalysis some ciphers successfully had been practically broken (e.g., FEAL) with DC
  • 25. 25 Basics of differential cryptanalysis Difference Linear function Difference and round key addition Non-linear function
  • 26. 26 Difference distribution table of DES S-box (S1)
  • 27. 27 Non-linear transformation (S-box) non-zero difference can be formed by limited (not all) input and output values:
  • 29. 29 Differential cryptanalysis: transformations in the last round function ∆X, ∆Y are known => only several variants of X (not all) are possible R, R’ are known (equal to right halves of ciphertext) Possible key bits values: K = R ⊕ X
  • 31. 31 Differential characteristics probabilities: one round calculation NB: random independent round keys (hypothesis stochastic equivalence)
  • 32. 32 Attack complexity and strength to differential cryptanalysis Probability of differential characteristic determines the required number of chosen plaintext encryptions (mathematical expectation) Complexity of the attack (classic approach) depends on maximal probability of difference transformation on S- box(es) number of active S-boxes used in differential characteristic Cryptographic primitive is resistant do differential cryptanalysis, if the complexity of the attack is higher than the brute force search
  • 33. 33 Complexity of DES differential cryptanalysis
  • 34. 34 Linear cryptanalysis very widely applied method of cryptanalysis for block ciphers, hash functions, etc. learns how the non-linear cryptographic transformation can be approximated with linear/affine equations known (not chosen) plaintext attack (for most cases) the first practically implemented method for successful analytical attack against DES (with complexity 243) first publication in open literature appeared in 1992 (against FEAL cipher, then applied to DES)
  • 35. 35 S-box: non-linear element and its approximation table
  • 36. 36 Linear approximation of several rounds involving: linear approximations of S-boxes plaintext and ciphertext bits round keys bits
  • 37. 37 Attack complexity and strength to linear cryptanalysis The required number of plaintext encryptions is determined by the probability that linear approximation (linear hull) holds Complexity of the attack (classic approach) depends on maximal bias of linear approximation on S-box(es) number of active S-boxes used in linear approximation for the whole cipher Cryptographic primitive is resistant to linear cryptanalysis, if the complexity of the attack is higher than the brute force search
  • 38. 38 Algebraic cryptanalysis follows Claude Shannon idea (published 1949) “breaking a good cipher should require as much work as solving a system of simultaneous equations in a large number of unknowns of a complex type” known plaintext attack (usually) requires small amount of plaintext-ciphertext pairs (near to unicity distance) usually crypto transformation is described with overdefined system of a small (2-3) degree several ciphers were successfully broken with algebraic attacks methods of solving multivariate overdefined systems are being improved
  • 39. 39 Advanced Encryption Standard (AES) 128 bits block and 128, 192 or 256 bits key developed in Belgium, selected from 15 candidates (proposal from the US, Denmark, Germany, Israel, Japan, Switzerland, Armenia, etc.) during 4 year public cryptographic competition held by US National Institute of Standards (NIST) adopted as the US standard in 2001 In 2002 allowed for protection of classified US government information the most researched cipher ever (in open publications) NSA cannot break even AES-128 and employs thousands of mathematician for this task (according to Ed.Snowden files) contemporary assumption: strong (practically unbreakable) encryption
  • 40. 40 Advanced Encryption Standard (AES) transparent design SPN construction (Substitution Permutation Network) 10, 12 or 14 rounds for AES-128, AES-192 and AES-256 correspondingly quite effective in software (32-bit platforms), good for hardware implementation (not taking into account lightweight solutions)
  • 41. 41 AES: presentation of processing bytes as a “cipher state”
  • 47. 47 AES round key generation (key expansion) NB: not all key length (128, 192, 256) must be supported; for many applications it’s enough to have the single key length
  • 48. 48 AES round key generation: RotWord
  • 49. 49 AES round key generation: SubBytes
  • 50. 50 AES round key generation: round constant application NB: without Rcon there would be equal blocks in ciphertext if plaintext and keys have equal blocks (1, 2 or 4 bytes repeats in plaintext and key)
  • 51. 51 AES round key sequence
  • 52. 52 AES effective software implementation: 32-bit platform three different operations can be united into the single (!) look-up table access: SubBytes (non-linear) ShiftRows (linear) MixColumns (linear) cipher consists of look-up table accesses and round key additions
  • 53. 53 AES recommendation symmetric encryption on general purpose platform (32 bit, 64 bit) for commercial systems: AES as the main cipher is a good solution recommended mode for confidentiality is CTR (if you don’t use well researched authenticated encryption) the longer the key, the slower cipher is (20% slower for 192 bits and 40% slower for 256 bits comparing to 128 bit key speed) for very reliable systems implement AES-256 and an additional cipher (e.g., Camellia, Serpent, etc.) remember about implementation integrity check for plaintext or ciphertext together with encryption
  • 54. 54 Advanced Encryption Standard Advantages one of the most spread commercial and open source solutions all over the world high level of practical security effective in software many hardware accelerators, including Intel processors AES instructions Disadvantages theoretical attacks more effective than brute force are known 32-bit oriented (condition of the AES competition), does not take all advantages of the 64-bit platform
  • 55. 55 Further development of block ciphers: the first direction Lightweight constrained devices: RFID chips, embedded medical devices, etc. (number of gates, available memory, power consumption and so on) acceptable strength level (cipher cannot be broken in the near future by small group of hackers) not intended to be strong against powerful adversary keeping theoretical strength for tens of years
  • 56. 56 Further development of block ciphers: the second direction Governmental-level (high and ultrahigh) security must be cryptographically strong must have enough security margin to be protected (with high level of confidence) of newly discovered attacks not intended for highly constrained devices (used on servers, routers, PC, etc.) must provide fast encryption
  • 57. 57 Newly developed block ciphers providing high level security Threefish (USA) STB 34.101.31-2011 (Belorussia) Kuznechik (Russia) Kalyna (Ukraine)
  • 58. 58 Threefish block cipher a main part of Skein hash function (supports very big block sizes) ARX-cipher (addition, rotation, XOR) simple round function, many rounds
  • 61. 61 Threefish encryption performance Very fast software implementation: 4 Gb/s on Intel Core 2 Duo x64 or 6.1 clocks per byte for encryption
  • 62. 62 Belorussian standard STB 34.101.31-2011 (Bel-T) 128 bit block 128, 192 or 256 bit key 8-round combination of Feistel network and Lai-Massey scheme Single fixed S-box (8 bit-to-8 bit) with good properties no key schedule (parts of encryption key are used as round keys; key shorter than 256 bits is just padded) The latest version adopted in 2011
  • 63. 63 Belorussian standard STB 34.101.31-2011 (Bel-T) S S S S <<< k Gk :
  • 64. 64 The new Russian cipher: “Kuznechik” (“Grasshopper”) well-researched AES-like construction (S-boxes, ShiftRows, MixColumns) 10 rounds of encryption MixColumns: a big (16x16) MDS matrix over GF(28) generated by special method; cf.: AES has the 4x4 MDS matrix key schedule: Feistel network with constants as its round keys; each round gives a round key for the main cipher high level of security slower in software comparing to other modern block ciphers not adopted and officially published (only discussed on several conferences in Russia): final version of S-boxes and MDS matrix are not disclosed to public yet
  • 65. 65 Requirements to the new perspective cipher for Ukraine block size and key length: 128, 256 and 512 bits (high and ultrahigh security level) strength against known methods of cryptanalysis security margin against future improved attacks transparent design effective high-speed software implementation on the 64-bit platform estimated time: at least 30 years (in condition of quantum cryptanalysis impossibility)
  • 66. 66 Perspective block cipher “Kalyna” SPN-construction (AES-like) increased size of linear transformation matrix several S-boxes generated with respect to differential, linear and algebraic properties quite new construction of key schedule, simple in implementation
  • 67. 67 “Kalyna” encryption function ( ) 0 1 1 1 K N i K KK r i rN Kalyna χγπθσ γπθχ ooooo oooo ∏ − = + = K0 SubBytes ShiftRows MixColumns KiNr -1 times KNr SubBytes ShiftRows MixColumns
  • 68. 68 “Kalyna”: number of rounds 18––512 (Nb = 8) 1814–256 (Nb = 4) –1410128 (Nb = 2) 512 (Nk = 8) 256 (Nk = 4) 128 (Nk = 2) Key length Block size
  • 69. 69 S-boxes for “Kalyna” 4 different S-boxes (which are not CCZ-equivalent) with the following characteristics: 3 (441 equations)Overdefined system degree 24Max. value of linear bias 8Max. value of difference distribution table 7Minimal algebraic degree of component Boolean functions 104Nonlinearity AES S-box: overdefined system degree: 2, nonlinearity: 112, dd: 4 The best known nonlinearity of S-boxes with 3rd degree: Сrypton, Safer+, Skipjack, SNOW, Twofish, Whirlpool, СS, Anubis, Stribog
  • 70. 70 Number of active S-boxes depending on required 64-bit processor instructions for 4x4 and 8x8 MDS matrix over GF(28) for 128 bit (left) and 256 bit (right) block 0 20 40 60 80 100 120 32 64 96 128 Required instructions NumberofactiveS-boxes МДР64 МДР32 45 90 135 180 25 50 75 100 0 20 40 60 80 100 120 140 160 180 200 64 128 192 256 Required instructions NumberofactiveS-boxes МДР64 МДР32 Increased size of MDS matrix gives essential advantages for required cryptographic properties, and has effective implementation on modern platforms
  • 71. 71 “Kalyna” encryption function design principles well known wide trail design strategy (strength to differential, linear cryptanalysis, etc.) combined with modular pre- and post-whitening clear construction, no trapdoors new set of S-boxes (without essential algebraic structure) 64-bit platform operations (mod 264 addition, 8x8 MDS matrix) direct transformation (encryption) is more often used than reverse (decryption) effective software implementation developed for and most effective on 64-bit platforms
  • 72. 72 Optimization for direct transformation (encryption) block cipher based hashing does not need decryption block cipher based pseudorandom number generation does not need decryption sponge construction does not need block cipher decryption most block cipher modes of operation (CTR, OFB, CFB, CCM, GCM, etc.) do not need block cipher decryption:
  • 73. 73 Number of precomputed tables: AES (4 tables) 2 tables for encryption 2 tables for decryption Kalyna (4 tables) 1 table for encryption 3 tables for decryption More effective implementation for CTR, OFB, CFB, CCM, GCM hashing, PRNG
  • 74. 74 Requirements to “Kalyna” key schedule non-linear dependence of every round key bit on every encryption key bit round key independence high computational complexity of encryption key recovery even having all round keys strength to all known cryptanalytic attacks on key schedule absence of weak key worsen cryptographic properties implementation simplicity (application of round transformation only) partial protection from side-channel attacks
  • 75. 75 “Kalyna” key schedule K SubBytes ShiftRows MixColumns K K SubBytes ShiftRows MixColumns Nb+Nk+1(const) SubBytes ShiftRows MixColumns Kt Kt+tmvi SubBytes ShiftRows MixColumns SubBytes ShiftRows MixColumns K k2i Kt+tmvi Kt+tmvi )32(212 +⋅<<<=+ bii Nkk tmv0=0x01000100…0100 tmvi+2= tmvi << 1 All operations (excluding rotation and shifting which can be effectively implemented by memory access processor instructions) are taken from the encrypt function
  • 76. 76 “Kalyna” key schedule properties correspondence to requirements all operations are taken from encryption function round keys can be generated in order to encryption and decryption with the same computational complexity effective countermeasure against round transformation symmetry minimal number of constants, their clearness key agility is less than 2.5 (key schedule takes time less than 2.5 encryption of one block) non-bijective round keys dependency on encryption key
  • 77. 77 Non-bijective round key dependence implemented in Twofish (AES competition finalist; key agility > 10) Blowfish (widely used in public cryptographic libraries; key agility > 10) Fox (block cipher developed in Switzerland; key agility > 5) key schedule works as PRNG with cryptographic properties no estimation was published in open literature { } { }( )rKKKKP ,...,,## 10≥
  • 78. 78 Percentage of unique round keys for “Kalyna” 0.999978512512 0.981684512256 0.999665256256 0.981684256128 0.997521128128 Part of unique round keysKey lengthBlock size Advantages: good cryptographic properties additional protection from different attacks, including side-channel high computational complexity of encryption key recovery even having all round keys Disadvantage: less than 2% of encryption keys might have equivalent keys (highly pseudorandom dependence of equivalent keys, if there are any)
  • 79. 79 “Kalyna” (block size 128 bits, 10 rounds) strength to cryptanalytic attacks 212043Boomerang 23Interpolation 26626256Impos. diff. 233+429756Integral 4Trunc. diff. 252,835Linear negligible25545Differential MemoryEncryptionsMax. rnds Attack characteristicsMin. rounds for prevention Type of the attack Similar results (enough security margin) are also obtained for 256 and 512-bit block
  • 80. 80 “Kalyna” output sequences NIST STS statistical testing Even round keys generation CTR encryption
  • 81. 81 Comparison of required operations for one byte processing GOST 28147-89: 72 operations/byte (32-bit memory accesses, modulo 232 additions, XORs, ANDs, shifts) AES-128: 45.375 operations/byte (32-bit memory accesses, XORs, ANDs, shifts) STB (Bel-T): 40.5 operations/byte (32-bit memory accesses, modulo 232 additions and subtractions, XORs, ANDs, shifts) Kalyna_128/128: 40.375 operations/byte (64-bit memory accesses, modulo 264 additions, XORs, ANDs, shifts)
  • 82. 82 Encryption performance (Windows/Visual C++) 0 200 400 600 800 1000 1200 1400 1600 Mbits / s Block cipher / encryption performance (Mbits / s ) Intel Core i5 x64 / Windows Server 2008 R2 x64 / Visual C++ 2008 Ряд1 1538,31 1098,17 1256,23 977,61 995,72 1483,26 1095,19 376,3 609,18 K2- 128/128 K2- 128/256 K2- 256/256 K2- 256/512 K2- 512/512 AES- 128 AES- 256 GOST 28147 STB
  • 83. 83 Encryption performance (Linux/gcc) 0 200 400 600 800 1000 1200 1400 1600 1800 2000 Mbits / s Block cipher / encryption performance (Mbits / s) Core 2 Duo E8500 / Linux (64 bit) /gcc Ряд1 1828,57 1291,72 1219,05 948,148 948,148 1667,95 1254,01 492,31 753,5 K2- 128/128 K2- 128/256 K2- 256/256 K2- 256/512 K2- 512/512 AES- 128 AES- 256 GOST 28147 STB
  • 84. 84 Advantages of “Kalyna” block cipher has high and ultrahigh level of cryptographic security based on verified constructions and clear solutions fast on modern 64-bit processors compact software implementation perspective for application in common cryptographic systems, Internet and banking security, cloud computing security, etc.
  • 85. 85 Trends in block cipher development refusing of S-box algebraic structure (reverse element in the finite field, etc.) increasing size of MDS matrix families of ciphers: different block sizes and key lengths combinations of XOR and modular addition application of round function transformation for round key generation
  • 86. 86 Beyond block cipher security mode of operation security BEAST attack (CBC mode) implementation security CRIME/BREACH attacks heartbleed bug in OpenSSL timing attacks: cache misses side-channel attacks software vulnerabilities (buffer and heap overflows, etc.) high-level protocol security (e.g.: encryption key generation) we need to use highly secure block ciphers, but should also pay a lot of attention to security of the whole system