The document describes RC6, a block cipher proposed as a candidate for the Advanced Encryption Standard (AES). RC6 is based on RC5 but adapted to meet AES requirements. It operates on 128-bit blocks using a variable number of rounds, rotations, XORs and additions modulated by a key-dependent S-box. Implementation results show RC6 encrypting/decrypting over 100 megabits/second on modern processors. Security analysis finds no known practical attacks against RC6 even with a reduced number of rounds. The designers conclude RC6 meets AES requirements by being simple, fast and secure.
Introduction to Python for Security ProfessionalsAndrew McNicol
This webcast introduces Python for security professionals. The goal is to inspire others to push past the initial learning curve to harness the power of Python. This is just a quick glance at the power that awaits anyone willing to gain the skill. If you are looking for more resources check out DrapsTV's YouTube channel.
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustDan Griffin
The US National Security Agency has been public about the inevitability of mobile computing and the need to support cloud-based service use for secret projects. General Alexander, head of the NSA, recently spoke of using smartphones as ID cards on classified networks.
And yet, mobile devices have a poor security track record, both as data repositories and as sources of trustworthy identity information. Cloud services are no better: current security features are oriented toward compliance and not toward real protection.
What if we could provide a strong link between mobile device identity, integrity, and the lifecycle of data retrieved from the cloud using only the hardware shipped with modern smartphones and tablets?
The good news is that we can do that with the trusted execution environment (TEE) features of the common system on a chip (SOC) mobile processor architectures using 'measurement-bound' encryption. This presentation describes how data can be encrypted to a specific device, how decryption is no longer possible when the device is compromised, and where the weaknesses are. I demonstrate measurement-bound encryption in action. I also announce the release of an open-source tool that implements it as well as a paper that describes the techniques for time-bound keys.
This is likely the very same way that NSA will be protecting the smartphones that will be used for classified information retrieval. Learn how your government plans to keep its own secrets and how you can protect yours.
https://mloey.github.io/courses/security2017.html
We will discuss the following: Cryptography, Computer Security, OSI Security Architecture, Security Structure Scheme, Key Properties, Symmetric Encryption, Asymmetric Encryption, finally Our Book
By reading this you can enhance your knowledge about Data Communication Network and Redundancy check used for it for error detection. It only Detect the error and discard it from the sequence given in that codes.
Network Traffic Management also allows for the identification of network-intensive operations that can be incorporated into network planning and growth strategies. Network Traffic Management is used alongside other optimisation techniques like Application Traffic Management as part of an overall Application Delivery Network solution.
This PPT explains about the term "Cryptography - Encryption & Decryption". This PPT is for beginners and for intermediate developers who want to learn about Cryptography. I have also explained about the various classes which .Net provides for encryption and decryption and some other terms like "AES" and "DES".
Here is the presentation for Network Layer Numericals from the book Andrew S. Tanenbaum (Computer Networks) and B A Forouzan ( Data Communication and Networking)
Introduction to Python for Security ProfessionalsAndrew McNicol
This webcast introduces Python for security professionals. The goal is to inspire others to push past the initial learning curve to harness the power of Python. This is just a quick glance at the power that awaits anyone willing to gain the skill. If you are looking for more resources check out DrapsTV's YouTube channel.
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustDan Griffin
The US National Security Agency has been public about the inevitability of mobile computing and the need to support cloud-based service use for secret projects. General Alexander, head of the NSA, recently spoke of using smartphones as ID cards on classified networks.
And yet, mobile devices have a poor security track record, both as data repositories and as sources of trustworthy identity information. Cloud services are no better: current security features are oriented toward compliance and not toward real protection.
What if we could provide a strong link between mobile device identity, integrity, and the lifecycle of data retrieved from the cloud using only the hardware shipped with modern smartphones and tablets?
The good news is that we can do that with the trusted execution environment (TEE) features of the common system on a chip (SOC) mobile processor architectures using 'measurement-bound' encryption. This presentation describes how data can be encrypted to a specific device, how decryption is no longer possible when the device is compromised, and where the weaknesses are. I demonstrate measurement-bound encryption in action. I also announce the release of an open-source tool that implements it as well as a paper that describes the techniques for time-bound keys.
This is likely the very same way that NSA will be protecting the smartphones that will be used for classified information retrieval. Learn how your government plans to keep its own secrets and how you can protect yours.
https://mloey.github.io/courses/security2017.html
We will discuss the following: Cryptography, Computer Security, OSI Security Architecture, Security Structure Scheme, Key Properties, Symmetric Encryption, Asymmetric Encryption, finally Our Book
By reading this you can enhance your knowledge about Data Communication Network and Redundancy check used for it for error detection. It only Detect the error and discard it from the sequence given in that codes.
Network Traffic Management also allows for the identification of network-intensive operations that can be incorporated into network planning and growth strategies. Network Traffic Management is used alongside other optimisation techniques like Application Traffic Management as part of an overall Application Delivery Network solution.
This PPT explains about the term "Cryptography - Encryption & Decryption". This PPT is for beginners and for intermediate developers who want to learn about Cryptography. I have also explained about the various classes which .Net provides for encryption and decryption and some other terms like "AES" and "DES".
Here is the presentation for Network Layer Numericals from the book Andrew S. Tanenbaum (Computer Networks) and B A Forouzan ( Data Communication and Networking)
This paper presents a design and implementation of FPGA based Bose, Chaudhuri and Hocquenghem (BCH) codes for wireless communication applications. The codes are written in VHDL (Very High Speed Hardware Description Language). Here BCH decoder (15, 5, and 3) is implemented and discussed. And decoder uses serial input and serial output architecture. BCH code forms a large class of powerful random error correcting cyclic codes. BCH operates over algebraic structure called finite fields and they are binary multiple error correcting codes. BCH decoder is implemented by syndrome calculation circuit, the BMA (Berlekamp-Massey algorithm) and Chien search circuit. The codecs are implemented over cyclone FPGA device.
Ec2203 digital electronics questions anna university by www.annaunivedu.organnaunivedu
EC2203 Digital Electronics Anna University Important Questions for 3rd Semester ECE , EC2203 Digital Electronics Important Questions, 3rd Sem Question papers,
http://www.annaunivedu.org/digital-electronics-ec-2203-previous-year-question-paper-for-3rd-sem-ece-anna-univ-question/
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
1. The RC6 Block Cipher:
A simple fast secure
AES proposal
Ronald L. Rivest MIT
Matt Robshaw RSA Labs
Ray Sidney RSA Labs
Yiqun Lisa Yin RSA Labs
(August 21, 1998)
Outline
u Design Philosophy
u Description of RC6
u Implementation Results
u Security
u Conclusion
2. Design Philosophy
u Leverage our experience with RC5: use
data-dependent rotations to achieve a
high level of security.
u Adapt RC5 to meet AES requirements
u Take advantage of a new primitive for
increased security and efficiency:
32x32 multiplication, which executes
quickly on modern processors, to
compute rotation amounts.
Description of RC6
3. Description of RC6
u RC6-w/r/b parameters:
– Word size in bits: w ( 32 )( lg(w) = 5 )
– Number of rounds: r ( 20 )
– Number of key bytes: b ( 16, 24, or 32 )
u Key Expansion:
– Produces array S[ 0 … 2r + 3 ] of w-bit
round keys.
u Encryption and Decryption:
– Input/Output in 32-bit registers A,B,C,D
RC6 Primitive Operations
A + B Addition modulo 2
w
A - B Subtraction modulo 2
w
A ⊕ B Exclusive-Or
A <<< B Rotate A left by amount in
low-order lg(w ) bits of B
A >>> B Rotate A right, similarly
(A,B,C,D) = (B,C,D,A) Parallel assignment
A x B Multiplication modulo 2
w
RC5
4. RC6 Encryption (Generic)
B = B + S[ 0 ]
D = D + S[ 1 ]
for i = 1 to r do
{
t = ( B x ( 2B + 1 ) ) <<< lg( w )
u = ( D x ( 2D + 1 ) ) <<< lg( w )
A = ( ( A ⊕ t ) <<< u ) + S[ 2i ]
C = ( ( C ⊕ u ) <<< t ) + S[ 2i + 1 ]
(A, B, C, D) = (B, C, D, A)
}
A = A + S[ 2r + 2 ]
C = C + S[ 2r + 3 ]
RC6 Encryption (for AES)
B = B + S[ 0 ]
D = D + S[ 1 ]
for i = 1 to 20 do
{
t = ( B x ( 2B + 1 ) ) <<< 5
u = ( D x ( 2D + 1 ) ) <<< 5
A = ( ( A ⊕ t ) <<< u ) + S[ 2i ]
C = ( ( C ⊕ u ) <<< t ) + S[ 2i + 1 ]
(A, B, C, D) = (B, C, D, A)
}
A = A + S[ 42 ]
C = C + S[ 43 ]
5. RC6 Decryption (for AES)
C = C - S[ 43 ]
A = A - S[ 42 ]
for i = 20 downto 1 do
{
(A, B, C, D) = (D, A, B, C)
u = ( D x ( 2D + 1 ) ) <<< 5
t = ( B x ( 2B + 1 ) ) <<< 5
C = ( ( C - S[ 2i + 1 ] ) >>> t ) ⊕ u
A = ( ( A - S[ 2i ] ) >>> u ) ⊕ t
}
D = D - S[ 1 ]
B = B - S[ 0 ]
Key Expansion (Same as RC5’s)
u Input: array L[ 0 … c-1 ] of input key words
u Output: array S[ 0 … 43 ] of round key words
u Procedure:
S[ 0 ] = 0xB7E15163
for i = 1 to 43 do S[i] = S[i-1] + 0x9E3779B9
A = B = i = j = 0
for s = 1 to 132 do
{ A = S[ i ] = ( S[ i ] + A + B ) <<< 3
B = L[ j ] = ( L[ j ] + A + B ) <<< ( A + B )
i = ( i + 1 ) mod 44
j = ( j + 1 ) mod c }
6. From RC5 to RC6
in seven easy steps
(1) Start with RC5
RC5 encryption inner loop:
for i = 1 to r do
{
A = ( ( A ⊕ B ) <<< B ) + S[ i ]
( A, B ) = ( B, A )
}
Can RC5 be strengthened by having rotation
amounts depend on all the bits of B?
7. u Modulo function?
Use low-order bits of ( B mod d )
Too slow!
u Linear function?
Use high-order bits of ( c x B )
Hard to pick c well!
u Quadratic function?
Use high-order bits of ( B x (2B+1) )
Just right!
Better rotation amounts?
B x (2B+1) is one-to-one mod 2
w
Proof: By contradiction. If B ≠ C but
B x (2B + 1) = C x (2C + 1) (mod 2
w
)
then
(B - C) x (2B+2C+1) = 0 (mod 2
w
)
But (B-C) is nonzero and (2B+2C+1) is
odd; their product can’t be zero! o
Corollary:
B uniform à B x (2B+1) uniform
(and high-order bits are uniform too!)
8. High-order bits of B x (2B+1)
u The high-order bits of
f(B) = B x ( 2B + 1 ) = 2B
2
+ B
depend on all the bits of B .
u Let B = B31B30B29 … B1B0 in binary.
u Flipping bit i of input B
– Leaves bits 0 … i-1 of f(B) unchanged,
– Flips bit i of f(B) with probability one,
– Flips bit j of f(B) , for j > i , with
probability approximately 1/2 (1/4…1),
– is likely to change some high-order bit.
for i = 1 to r do
{
t = ( B x ( 2B + 1 ) ) <<< 5
A = ( ( A ⊕ B ) <<< t ) + S[ i ]
( A, B ) = ( B, A )
}
But now much of the output of this nice
multiplication is being wasted...
(2) Quadratic Rotation Amounts
9. for i = 1 to r do
{
t = ( B x ( 2B + 1 ) ) <<< 5
A = ( ( A ⊕ t ) <<< t ) + S[ i ]
( A, B ) = ( B, A )
}
Now AES requires 128-bit blocks.
We could use two 64-bit registers, but
64-bit operations are poorly supported
with typical C compilers...
(3) Use t, not B, as xor input
(4) Do two RC5’s in parallel
Use four 32-bit regs (A,B,C,D), and do
RC5 on (C,D) in parallel with RC5 on (A,B):
for i = 1 to r do
{
t = ( B x ( 2B + 1 ) ) <<< 5
A = ( ( A ⊕ t ) <<< t ) + S[ 2i ]
( A, B ) = ( B, A )
u = ( D x ( 2D + 1 ) ) <<< 5
C = ( ( C ⊕ u ) <<< u ) + S[ 2i + 1 ]
( C, D ) = ( D, C )
}
10. (5) Mix up data between copies
Switch rotation amounts between copies,
and cyclically permute registers instead of
swapping:
for i = 1 to r do
{
t = ( B x ( 2B + 1 ) ) <<< 5
u = ( D x ( 2D + 1 ) ) <<< 5
A = ( ( A ⊕ t ) <<< u ) + S[ 2i ]
C = ( ( C ⊕ u ) <<< t ) + S[ 2i + 1 ]
(A, B, C, D) = (B, C, D, A)
}
One Round of RC6
55
ff
A B C D
<<<<<<
<<< <<<
S[2i] S[2i+1]
A B C D
t u
11. (6) Add Pre- and Post-Whitening
B = B + S[ 0 ]
D = D + S[ 1 ]
for i = 1 to r do
{
t = ( B x ( 2B + 1 ) ) <<< 5
u = ( D x ( 2D + 1 ) ) <<< 5
A = ( ( A ⊕ t ) <<< u ) + S[ 2i ]
C = ( ( C ⊕ u ) <<< t ) + S[ 2i + 1 ]
(A, B, C, D) = (B, C, D, A)
}
A = A + S[ 2r + 2 ]
C = C + S[ 2r + 3 ]
B = B + S[ 0 ]
D = D + S[ 1 ]
for i = 1 to 20 do
{
t = ( B x ( 2B + 1 ) ) <<< 5
u = ( D x ( 2D + 1 ) ) <<< 5
A = ( ( A ⊕ t ) <<< u ) + S[ 2i ]
C = ( ( C ⊕ u ) <<< t ) + S[ 2i + 1 ]
(A, B, C, D) = (B, C, D, A)
}
A = A + S[ 42 ]
C = C + S[ 43 ]
(7) Set r = 20 for high security
Final RC6
(based on analysis)
12. RC6 Implementation Results
Less than two clocks per bit of plaintext !
Java Borland C Assembly
Setup 110000 2300 1108
Encrypt 16200 616 254
Decrypt 16500 566 254
CPU Cycles / Operation
13. Java Borland C Assembly
Setup 1820 86956 180500
Encrypt 12300 325000 787000
Decrypt 12100 353000 788000
Operations/Second (200MHz)
Java Borland C Assembly
Encrypt 0.197
1.57
5.19
41.5
12.6
100.8
Decrypt 0.194
1.55
5.65
45.2
12.6
100.8
Encryption Rate (200MHz)
MegaBytes / second
MegaBits / second
Over 100 Megabits / second !
14. On an 8-bit processor
u On an Intel MCS51 ( 1 Mhz clock )
u Encrypt/decrypt at 9.2 Kbits/second
(13535 cycles/block;
from actual implementation)
u Key setup in 27 milliseconds
u Only 176 bytes needed for table of
round keys.
u Fits on smart card (< 256 bytes RAM).
Custom RC6 IC
u 0.25 micron CMOS process
u One round/clock at 200 MHz
u Conventional multiplier designs
u 0.05 mm
2
of silicon
u 21 milliwatts of power
u Encrypt/decrypt at 1.3 Gbits/second
u With pipelining, can go faster, at cost
of more area and power
15. RC6 Security Analysis
Analysis procedures
u Intensive analysis, based on most
effective known attacks (e.g. linear
and differential cryptanalysis)
u Analyze not only RC6, but also several
“simplified” forms (e.g. with no
quadratic function, no fixed rotation
by 5 bits, etc…)
16. Linear analysis
u Find approximations for r-2 rounds.
u Two ways to approximate A = B <<< C
– with one bit each of A, B, C (type I)
– with one bit each of A, B only (type II)
– each have bias 1/64; type I more useful
u Non-zero bias across f(B) only when
input bit = output bit. (Best for lsb.)
u Also include effects of multiple linear
approximations and linear hulls.
Estimate of number of plaintext/ciphertext
pairs required to mount a linear attack.
(Only 2
128
such pairs are available.)
Rounds Pairs
8 247
12 283
16 2119
20 RC6 2155
24 2191
Security against linear attacks
Infeasible
17. Differential analysis
u Considers use of (iterative and non-
iterative) (r-2)-round differentials as
well as (r-2)-round characteristics.
u Considers two notions of “difference”:
– exclusive-or
– subtraction (better!)
u Combination of quadratic function and
fixed rotation by 5 bits very good at
thwarting differential attacks.
An iterative RC6 differential
u A B C D
1<<16 1<<11 0 0
1<<11 0 0 0
0 0 0 1<<s
0 1<<26 1<<s 0
1<<26 1<<21 0 1<<v
1<<21 1<<16 1<<v 0
1<<16 1<<11 0 0
u Probability = 2-91
18. Estimate of number of plaintext pairs
required to mount a differential attack.
(Only 2
128
such pairs are available.)
Rounds Pairs
8 256
12 2117
16 2190
20 RC6 2238
24 2299
Security against
differential attacks
Infeasible
Security of Key Expansion
u Key expansion is identical to that of
RC5; no known weaknesses.
u No known weak keys.
u No known related-key attacks.
u Round keys appear to be a “random”
function of the supplied key.
u Bonus: key expansion is quite “one-
way”---difficult to infer supplied key
from round keys.
19. Conclusion
u RC6 more than meets the
requirements for the AES; it is
– simple,
– fast, and
– secure.
u For more information, including copy
of these slides, copy of RC6
description, and security analysis, see
www.rsa.com/rsalabs/aes
(The End)