SlideShare a Scribd company logo

SymmetricCryptography-Part3 - Tagged.pdf

M
MohammedMorhafJaely

SymmetricCryptography

Engineering
1 of 39
Download to read offline
Symmetric Cryptography - Part 3 CMPS381 - Applied Cryptography Dr. Devrim Unal
What did we do in the last lecture? ● What topics did we discuss? ● Which did you find interesting? ● Which did you find challenging? 2
Content ● Overview ● Modes of Operation ● Increasing Security of Block Ciphers ● Challenges of Symmetric Cryptography 3
Content ● Overview ● Modes of Operation ● Increasing Security of Block Ciphers ● Challenges of Symmetric Cryptography 4
The field of Cryptology 5 Cryptology Cryptography Cryptanalysis Symmetric Cryptography Asymmetric Cryptography Protocols Block Ciphers Stream Ciphers
The field of Cryptography 6 Number Theory Complexity Theory Information Theory Algorithms (Symmetric) Cryptography Confidentiality Integrity Authenticity Non-repudiation Mathematics Computer Science Physics Electrical Engineering Risk Management Security
Symmetric Cryptography - Secret/Private key 7 Enc() m Internet Dec() k m Alice Bob k Eve c
Symmetric Cryptography - Analogy ● Safe with a strong lock, only Alice and Bob have a copy of the (shared) key ○ Alice encrypts, i.e. locks the safe with her key ○ Bob decrypts, i.e. unlocks the safe with his key 8
Formal definition of symmetric Cryptography Let n be a security parameter, K the key space, M the plaintext space, and C the ciphertext space. Symmetric cryptography consists of three algorithms: ● Key Generation := returns on input {0,1}n a key k K ∈ k ← Gen({0,1}n ) ● Encryption := returns on input k and message m M ∈ a ciphertext c C ∈ c ← Enck(m) ● Decryption := returns on input k and c = Enck (m) C ∈ a message m M ∈ Deck(Enck(m)) = m, for all k K, and m M ∈ ∈ 9
The field of Cryptology - Block ciphers 10 Cryptology Cryptography Cryptanalysis Symmetric Cryptography Asymmetric Cryptography Protocols Block Ciphers Stream Ciphers
Block ciphers 11 Plaintext of length n-bit Plaintext Block 0 of x-bit Plaintext Block 1 of x-bit Plaintext Block n of x-bit … Enc() Enc() Enc() … Ciphertext Block 0 of x-bit Ciphertext Block 1 of x-bit Ciphertext Block n of x-bit … Ciphertext of length n-bit
How are the blocks in Block ciphers encrypted? ● There are several ways, so called Modes of Operation ○ Electronic Code Book (ECB) ○ Cipher Block Chaining (CBC) ○ Output Feedback (OFB) ○ Cipher Feedback (CFB) ○ Counter (CTR) ○ Galois Counter Mode (GCM) 12 Note! In addition to confidentiality, some of these modes provide authenticity and integrity of blocks.
What if plaintext length not a block size multiple? ● Padding extends plaintext to a multiple of block size ● ECB and CFB require that plaintext length is a multiple of the block size ● Several ways of doing padding in practice ○ One possible padding method is to append a single “1” bit to the plaintext and then to append as many “0” bits as necessary to reach a multiple of the block length ○ If the plaintext is an exact multiple of the block length, a full extra padding block is appended 13
The field of Cryptology - Modes of Operation 14 Cryptology Cryptography Cryptanalysis Symmetric Cryptography Asymmetric Cryptography Protocols Block Ciphers Stream Ciphers Modes of Operation ECB / CBC / OFB / CBF / CTR / GCM
Content ● Overview ● Modes of Operation ● Increasing Security of Block Ciphers ● Challenges of Symmetric Cryptography 15
Acknowledgement ● Most of the following slides are based on “Understanding Cryptography - A Textbook for Students and Practitioners” by Christof Paar and Jan Pelzl ● The slides were prepared by Amir Moradi, Christof Paar and Jan Pelzl ● The slides were modified and adapted by Devrim Unal and Jurlind Budurushi 16
Terms of use ● The slides can used free of charge. All copyrights for the slides remain with the authors ● The title of the accompanying book “Understanding Cryptography” by Springer and the author’s names must remain on each slide ● If the slides are modified, appropriate credits to the book authors and the book title must remain within the slides ● It is not permitted to reproduce parts or all of the slides in printed form whatsoever without written consent by the authors 17
Overview of Modes of Operation 18 Modes of Operation Probabilistic Deterministic Cipher Block Chaining CBC Output Feedback OFB Cipher Feedback CFB Counter CTR Galois Counter Mode GCM Electronic Code Book ECB Block Modes Stream Modes
ECB - Encryption / Decryption ● Each block is encrypted separately 19 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Encryption: yi = ek(xi), i ≥ 1 ● Decryption: xi = ek −1 (yi) = ek −1 (ek(xi)), i ≥ 1
ECB - Advantages and disadvantages ● Advantages ○ No block synchronization between sender and receiver required ○ Bit errors caused by noisy channels only affect the corresponding block but not succeeding blocks ○ Encryption and decryption can be parallelized ○ High-speed implementations 20 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Disadvantages ○ Identical plaintexts result in identical ciphertexts, i.e. adversary recognizes if same text has been sent twice ○ Plaintext blocks encrypted independently, i.e. adversary may reorder ciphertext blocks resulting in valid plaintext ○ Statistical properties in the plaintext are preserved in ciphertext
ECB - Substitution attack ● Once a plaintext-ciphertext pair (x,y) is known, a sequence of ciphertext blocks can easily be manipulated 21 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Suppose an electronic bank transfer ○ Assumption: Encryption key between two banks does not change too frequently ○ Attack ■ Adversary sends 1$ transfers from his account at Bank A to his account at Bank B repeatedly ■ Adversary check for ciphertext blocks that repeat, and stores blocks 1, 3, 4 ■ Adversary replaces block 4 of other transfers with block 4 stored before Transfers from some account in Bank A, are redirected to adversary’s account in ⇒ Bank B
ECB - Example of encrypting bitmaps 22 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
CBC - Encryption / Decryption ● The encryptions of all blocks are “chained together” ● The encryption is randomized by using a Initialization Vector (IV) ● IV should not be secret, but a nonce (random number only used once) 23 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Encryption: first block y1 = ek(x1 IV ⊕ ), other blocks yi = ek(xi y ⊕ i-1), i ≥ 2 ● Decryption: first block x1 = ek −1 (y1) IV ⊕ , other blocks xi = ek −1 (yi) y ⊕ i-1, i ≥ 2
CBC - Substitution attack 24 Assume the previous attack on ECB, when does it and does not work for CBC? Answer: ❖ It works if the IV is kept the same for several transfers. ❖ It does not work if IV is properly chosen for every transfer, then CBC becomes a probabilistic encryption scheme.
OFB - Encryption / Decryption ● Build synchronous stream cipher from block cipher ● Keystream generated blockwise, instead of bitwise 25 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Encryption ○ first block s1 = ek(IV) and y1 = s1 x ⊕ 1 ○ other blocks si = ek(si-1) and yi = si x ⊕ i, i ≥ 2 ● Decryption ○ first block s1 = ek(IV) and x1 = s1 y ⊕ 1 ○ other blocks si = ek(si-1) and xi = si y ⊕ i, i ≥ 2
CFB - Encryption / Decryption ● Build asynchronous stream cipher from block cipher ● Keystream generated blockwise and is also a function of the ciphertext 26 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Encryption ○ first block y1 = ek(IV) x ⊕ 1 ○ other blocks yi = ek(yi-1) x ⊕ i, i ≥ 2 ● Decryption ○ first block x1 = ek(IV) y ⊕ 1 ○ other blocks xi = ek(yi-1) s ⊕ i, i ≥ 2
CTR - Encryption / Decryption ● Build asynchronous stream cipher from block cipher ● Keystream generated blockwise ● Input is a counter that assumes a different value every new keystream block ● In contrast to OFB, CFB encryption/decryption can be parallelized ● Suitable for high throughput and fast implementations, e.g. network routers 27 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Encryption: yi = ek(IV || CTRi) ⊕ xi, i ≥ 1 ● Decryption: xi = ek −1 (IV || CTRi) ⊕ yi, i ≥ 1
GCM - Overview ● Provides three additional services to encryption/confidentiality ○ Message Authentication: Message received from original sender ○ Message Integrity: Message not tampered during transmission ○ Additional Authenticated Data (AAD): Not encrypted in this mode of operation. In practice, the AAD string might include addresses and parameters of a network protocol 28 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Content ● Overview ● Modes of Operation ● Increasing Security of Block Ciphers ● Challenges of Symmetric Cryptography 29
Intermezzo! Brute force revisited ● An exhaustive search for DES knowing one pair (m1,c1) DESk (i) (m1) ≟ c1, i = 1,...,256 ● However, brute force can produce false positive results ○ The likelihood of false positives related to the relative size of plaintext and ciphertext spaces ○ An attack is still possible, but several pairs plaintext-ciphertext are needed 30 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl m1 c1 plaintext space ciphertext space DESk (1) (m1) … DESk (2) (m1) DESk (2^56) (m1)
Intermezzo! Brute force example ● Assume a cipher with block size 64-bit and key size 80-bit ● Encrypting m1 with all possible keys yields 280 ciphertexts, however only 264 different ciphertexts exist ● Checking all keys for a pair (m1,c1), we find on average 280 /264 =216 keys that perform the mapping enck(m1) = c1 31 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl Generalization: Given a block cipher block size of n bits, a key size of k bits and t plaintext–ciphertext pairs (x1, y1), ... , (xt , yt), the expected number of false keys which encrypt all plaintexts to the corresponding ciphertexts is 2k−tn ● Assuming two pairs in the example, the likelihood for false key is 280-2*64 = 2-48
Approaches to increase security in Block ciphers ● In some situations we wish to increase the security of block ciphers, e.g., if a cipher such as DES is available in hardware or software for legacy reasons in a given application ● Two approaches are possible ○ Multiple encryption ○ Key whitening 32 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Multiple encryption - Double encryption ● A plaintext m is first encrypted with a key k1, and the resulting ciphertext is encrypted again using a second key k2 ● Assuming a key length of n bits, an exhaustive key search would require 2n *2n = 22n encryptions or decryptions 33 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl Enc() m k1 Enc() m k2
Reminder! DES - Meet-in-the-Middle Attack ● Requires 2k + 2k = 2k+1 operations, for given pair (m, c) ● Phase I ○ Brute force the left encryption for all k ○ Compute a lookup table with 2k entries (each n+k bits) ● Phase II ○ Brute force the right encryption for all k ○ Check, enc(k1,i,m) ≟ dec(k2,j,c) 34 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl Note! Double encryption is not much more than single encryption.
Multiple encryption - Triple encryption ● Reminder! 3DES ● Encrypt a block three times c = enc(k3,enc(k2, (enc(k1,m))) ● In practice a variant scheme is often used c = enc(k3,dec(k2, (enc(k1,m))) ● A Meet-in-the-Middle attack is still possible, and it reduces the effective key size of triple encryption from 3k to 2k Check ⇒ enc(k1,i to 2^n,m) ≟ dec(k2,j to 2^n, dec(k3,m to 2^n,c)), for n := key size 35 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl Note! Triple encryption doubles the key size.
Key whitening ● In addition to the main k, two whitening keys k1 and k2 are used to XOR- mask the plaintext and ciphertext ● It does not increase security against most analytical attacks, such as linear and differential cryptanalysis ● It is not a solution for ciphers that are inherently weak ● The additional computational load is negligible ● Its’ main application are ciphers that are relatively strong against analytical attacks, but possess a short key space, e.g. DES, called DESX 36 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
Content ● Overview ● Modes of Operation ● Increasing Security of Block Ciphers ● Challenges of Symmetric Cryptography 37
Challenges of Symmetric Cryptography ● Secret key(s) need to be exchanged securely before communication ● With n communication partners, (n * (n−1)) / 2 keys are needed 38 Alice Bob kAB David kAD kBD Lola kDL kBL kAL
39

Recommended

3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of Cryptography3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of CryptographyMohammedMorhafJaely
 
Symmetric
SymmetricSymmetric
SymmetricAlessandro José Segura de Oliveira
 
13528 l8
13528 l813528 l8
13528 l8ridhika_gulati
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
 
Cryptography 202
Cryptography 202Cryptography 202
Cryptography 202UTD Computer Security Group
 
Encryption techniqudgfhgvj,hbkes (2).pptx
Encryption techniqudgfhgvj,hbkes (2).pptxEncryption techniqudgfhgvj,hbkes (2).pptx
Encryption techniqudgfhgvj,hbkes (2).pptxhuachuhulk
 
Information and data security block cipher operation
Information and data security block cipher operationInformation and data security block cipher operation
Information and data security block cipher operationMazin Alwaaly
 
3. The Data Encryption Standard (DES) and Alternatives
3. The Data Encryption Standard (DES) and Alternatives3. The Data Encryption Standard (DES) and Alternatives
3. The Data Encryption Standard (DES) and AlternativesSam Bowne
 

Recommended

3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of Cryptography3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of CryptographyMohammedMorhafJaely
 
Symmetric
SymmetricSymmetric
SymmetricAlessandro José Segura de Oliveira
 
13528 l8
13528 l813528 l8
13528 l8ridhika_gulati
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
 
Cryptography 202
Cryptography 202Cryptography 202
Cryptography 202UTD Computer Security Group
 
Encryption techniqudgfhgvj,hbkes (2).pptx
Encryption techniqudgfhgvj,hbkes (2).pptxEncryption techniqudgfhgvj,hbkes (2).pptx
Encryption techniqudgfhgvj,hbkes (2).pptxhuachuhulk
 
Information and data security block cipher operation
Information and data security block cipher operationInformation and data security block cipher operation
Information and data security block cipher operationMazin Alwaaly
 
3. The Data Encryption Standard (DES) and Alternatives
3. The Data Encryption Standard (DES) and Alternatives3. The Data Encryption Standard (DES) and Alternatives
3. The Data Encryption Standard (DES) and AlternativesSam Bowne
 
14_526_topic04.ppt
14_526_topic04.ppt14_526_topic04.ppt
14_526_topic04.pptwwww63
 
1 DES.pdf
1 DES.pdf1 DES.pdf
1 DES.pdfnitin571047
 
Fundamentals of Information Encryption
Fundamentals of Information EncryptionFundamentals of Information Encryption
Fundamentals of Information EncryptionAmna Magzoub
 
02 Information System Security
02 Information System Security02 Information System Security
02 Information System SecurityShu Shin
 
Chap06 block cipher operation
Chap06 block cipher operationChap06 block cipher operation
Chap06 block cipher operationNam Yong Kim
 
AES Presentation.pptx
AES Presentation.pptxAES Presentation.pptx
AES Presentation.pptxhammadhassan9507
 
Cryptography & Network Security.ppt-1.pdf
Cryptography & Network Security.ppt-1.pdfCryptography & Network Security.ppt-1.pdf
Cryptography & Network Security.ppt-1.pdfNirajKumar620142
 
Exploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleExploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleDharmalingam Ganesan
 
Data Protection Techniques and Cryptography
Data Protection Techniques and CryptographyData Protection Techniques and Cryptography
Data Protection Techniques and CryptographyTalha SAVAS
 
section-8.ppt
section-8.pptsection-8.ppt
section-8.pptDeepakPrajapati868260
 
Detailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsDetailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsChristian Spolaore
 
Cs166 mynote
Cs166 mynoteCs166 mynote
Cs166 mynoteKaya Ota
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptShounakDas16
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSAaritraranjan
 
03 UNIT-2.pdf
03 UNIT-2.pdf03 UNIT-2.pdf
03 UNIT-2.pdf31ABINESHWARANG
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network SecurityDr. Rupa Ch
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
Cryptography & network security
Cryptography & network securityCryptography & network security
Cryptography & network securitysathu30
 
Cryptography and network security Nit701
Cryptography and network security Nit701Cryptography and network security Nit701
Cryptography and network security Nit701Amit Pathak
 
CR 06 - Block Cipher Operation.ppt
CR 06 - Block Cipher Operation.pptCR 06 - Block Cipher Operation.ppt
CR 06 - Block Cipher Operation.pptssuseraaf866
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 

More Related Content

Similar to SymmetricCryptography-Part3 - Tagged.pdf

14_526_topic04.ppt
14_526_topic04.ppt14_526_topic04.ppt
14_526_topic04.pptwwww63
 
Fundamentals of Information Encryption
Fundamentals of Information EncryptionFundamentals of Information Encryption
Fundamentals of Information EncryptionAmna Magzoub
 
02 Information System Security
02 Information System Security02 Information System Security
02 Information System SecurityShu Shin
 
Chap06 block cipher operation
Chap06 block cipher operationChap06 block cipher operation
Chap06 block cipher operationNam Yong Kim
 
Cryptography & Network Security.ppt-1.pdf
Cryptography & Network Security.ppt-1.pdfCryptography & Network Security.ppt-1.pdf
Cryptography & Network Security.ppt-1.pdfNirajKumar620142
 
Exploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleExploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleDharmalingam Ganesan
 
Data Protection Techniques and Cryptography
Data Protection Techniques and CryptographyData Protection Techniques and Cryptography
Data Protection Techniques and CryptographyTalha SAVAS
 
Detailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsDetailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsChristian Spolaore
 
Cs166 mynote
Cs166 mynoteCs166 mynote
Cs166 mynoteKaya Ota
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptShounakDas16
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSAaritraranjan
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network SecurityDr. Rupa Ch
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
Cryptography & network security
Cryptography & network securityCryptography & network security
Cryptography & network securitysathu30
 
Cryptography and network security Nit701
Cryptography and network security Nit701Cryptography and network security Nit701
Cryptography and network security Nit701Amit Pathak
 
CR 06 - Block Cipher Operation.ppt
CR 06 - Block Cipher Operation.pptCR 06 - Block Cipher Operation.ppt
CR 06 - Block Cipher Operation.pptssuseraaf866
 

Similar to SymmetricCryptography-Part3 - Tagged.pdf (20)

14_526_topic04.ppt
14_526_topic04.ppt14_526_topic04.ppt
14_526_topic04.ppt
 
1 DES.pdf
1 DES.pdf1 DES.pdf
1 DES.pdf
 
Fundamentals of Information Encryption
Fundamentals of Information EncryptionFundamentals of Information Encryption
Fundamentals of Information Encryption
 
02 Information System Security
02 Information System Security02 Information System Security
02 Information System Security
 
Chap06 block cipher operation
Chap06 block cipher operationChap06 block cipher operation
Chap06 block cipher operation
 
AES Presentation.pptx
AES Presentation.pptxAES Presentation.pptx
AES Presentation.pptx
 
Cryptography & Network Security.ppt-1.pdf
Cryptography & Network Security.ppt-1.pdfCryptography & Network Security.ppt-1.pdf
Cryptography & Network Security.ppt-1.pdf
 
Exploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleExploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An Example
 
Data Protection Techniques and Cryptography
Data Protection Techniques and CryptographyData Protection Techniques and Cryptography
Data Protection Techniques and Cryptography
 
section-8.ppt
section-8.pptsection-8.ppt
section-8.ppt
 
Detailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsDetailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocols
 
Cs166 mynote
Cs166 mynoteCs166 mynote
Cs166 mynote
 
Ch08-CryptoConcepts.ppt
Ch08-CryptoConcepts.pptCh08-CryptoConcepts.ppt
Ch08-CryptoConcepts.ppt
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSA
 
03 UNIT-2.pdf
03 UNIT-2.pdf03 UNIT-2.pdf
03 UNIT-2.pdf
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network Security
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream Ciphers
 
Cryptography & network security
Cryptography & network securityCryptography & network security
Cryptography & network security
 
Cryptography and network security Nit701
Cryptography and network security Nit701Cryptography and network security Nit701
Cryptography and network security Nit701
 
CR 06 - Block Cipher Operation.ppt
CR 06 - Block Cipher Operation.pptCR 06 - Block Cipher Operation.ppt
CR 06 - Block Cipher Operation.ppt
 

Recently uploaded

Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2RajaP95
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
microprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingmicroprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingjaychoudhary37
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ
 

Recently uploaded (20)

Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
microprocessor 8085 and its interfacing
microprocessor 8085 and its interfacingmicroprocessor 8085 and its interfacing
microprocessor 8085 and its interfacing
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
 

SymmetricCryptography-Part3 - Tagged.pdf

  • 1. Symmetric Cryptography - Part 3 CMPS381 - Applied Cryptography Dr. Devrim Unal
  • 2. What did we do in the last lecture? ● What topics did we discuss? ● Which did you find interesting? ● Which did you find challenging? 2
  • 3. Content ● Overview ● Modes of Operation ● Increasing Security of Block Ciphers ● Challenges of Symmetric Cryptography 3
  • 4. Content ● Overview ● Modes of Operation ● Increasing Security of Block Ciphers ● Challenges of Symmetric Cryptography 4
  • 5. The field of Cryptology 5 Cryptology Cryptography Cryptanalysis Symmetric Cryptography Asymmetric Cryptography Protocols Block Ciphers Stream Ciphers
  • 6. The field of Cryptography 6 Number Theory Complexity Theory Information Theory Algorithms (Symmetric) Cryptography Confidentiality Integrity Authenticity Non-repudiation Mathematics Computer Science Physics Electrical Engineering Risk Management Security
  • 7. Symmetric Cryptography - Secret/Private key 7 Enc() m Internet Dec() k m Alice Bob k Eve c
  • 8. Symmetric Cryptography - Analogy ● Safe with a strong lock, only Alice and Bob have a copy of the (shared) key ○ Alice encrypts, i.e. locks the safe with her key ○ Bob decrypts, i.e. unlocks the safe with his key 8
  • 9. Formal definition of symmetric Cryptography Let n be a security parameter, K the key space, M the plaintext space, and C the ciphertext space. Symmetric cryptography consists of three algorithms: ● Key Generation := returns on input {0,1}n a key k K ∈ k ← Gen({0,1}n ) ● Encryption := returns on input k and message m M ∈ a ciphertext c C ∈ c ← Enck(m) ● Decryption := returns on input k and c = Enck (m) C ∈ a message m M ∈ Deck(Enck(m)) = m, for all k K, and m M ∈ ∈ 9
  • 10. The field of Cryptology - Block ciphers 10 Cryptology Cryptography Cryptanalysis Symmetric Cryptography Asymmetric Cryptography Protocols Block Ciphers Stream Ciphers
  • 11. Block ciphers 11 Plaintext of length n-bit Plaintext Block 0 of x-bit Plaintext Block 1 of x-bit Plaintext Block n of x-bit … Enc() Enc() Enc() … Ciphertext Block 0 of x-bit Ciphertext Block 1 of x-bit Ciphertext Block n of x-bit … Ciphertext of length n-bit
  • 12. How are the blocks in Block ciphers encrypted? ● There are several ways, so called Modes of Operation ○ Electronic Code Book (ECB) ○ Cipher Block Chaining (CBC) ○ Output Feedback (OFB) ○ Cipher Feedback (CFB) ○ Counter (CTR) ○ Galois Counter Mode (GCM) 12 Note! In addition to confidentiality, some of these modes provide authenticity and integrity of blocks.
  • 13. What if plaintext length not a block size multiple? ● Padding extends plaintext to a multiple of block size ● ECB and CFB require that plaintext length is a multiple of the block size ● Several ways of doing padding in practice ○ One possible padding method is to append a single “1” bit to the plaintext and then to append as many “0” bits as necessary to reach a multiple of the block length ○ If the plaintext is an exact multiple of the block length, a full extra padding block is appended 13
  • 14. The field of Cryptology - Modes of Operation 14 Cryptology Cryptography Cryptanalysis Symmetric Cryptography Asymmetric Cryptography Protocols Block Ciphers Stream Ciphers Modes of Operation ECB / CBC / OFB / CBF / CTR / GCM
  • 15. Content ● Overview ● Modes of Operation ● Increasing Security of Block Ciphers ● Challenges of Symmetric Cryptography 15
  • 16. Acknowledgement ● Most of the following slides are based on “Understanding Cryptography - A Textbook for Students and Practitioners” by Christof Paar and Jan Pelzl ● The slides were prepared by Amir Moradi, Christof Paar and Jan Pelzl ● The slides were modified and adapted by Devrim Unal and Jurlind Budurushi 16
  • 17. Terms of use ● The slides can used free of charge. All copyrights for the slides remain with the authors ● The title of the accompanying book “Understanding Cryptography” by Springer and the author’s names must remain on each slide ● If the slides are modified, appropriate credits to the book authors and the book title must remain within the slides ● It is not permitted to reproduce parts or all of the slides in printed form whatsoever without written consent by the authors 17
  • 18. Overview of Modes of Operation 18 Modes of Operation Probabilistic Deterministic Cipher Block Chaining CBC Output Feedback OFB Cipher Feedback CFB Counter CTR Galois Counter Mode GCM Electronic Code Book ECB Block Modes Stream Modes
  • 19. ECB - Encryption / Decryption ● Each block is encrypted separately 19 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Encryption: yi = ek(xi), i ≥ 1 ● Decryption: xi = ek −1 (yi) = ek −1 (ek(xi)), i ≥ 1
  • 20. ECB - Advantages and disadvantages ● Advantages ○ No block synchronization between sender and receiver required ○ Bit errors caused by noisy channels only affect the corresponding block but not succeeding blocks ○ Encryption and decryption can be parallelized ○ High-speed implementations 20 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Disadvantages ○ Identical plaintexts result in identical ciphertexts, i.e. adversary recognizes if same text has been sent twice ○ Plaintext blocks encrypted independently, i.e. adversary may reorder ciphertext blocks resulting in valid plaintext ○ Statistical properties in the plaintext are preserved in ciphertext
  • 21. ECB - Substitution attack ● Once a plaintext-ciphertext pair (x,y) is known, a sequence of ciphertext blocks can easily be manipulated 21 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Suppose an electronic bank transfer ○ Assumption: Encryption key between two banks does not change too frequently ○ Attack ■ Adversary sends 1$ transfers from his account at Bank A to his account at Bank B repeatedly ■ Adversary check for ciphertext blocks that repeat, and stores blocks 1, 3, 4 ■ Adversary replaces block 4 of other transfers with block 4 stored before Transfers from some account in Bank A, are redirected to adversary’s account in ⇒ Bank B
  • 22. ECB - Example of encrypting bitmaps 22 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
  • 23. CBC - Encryption / Decryption ● The encryptions of all blocks are “chained together” ● The encryption is randomized by using a Initialization Vector (IV) ● IV should not be secret, but a nonce (random number only used once) 23 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Encryption: first block y1 = ek(x1 IV ⊕ ), other blocks yi = ek(xi y ⊕ i-1), i ≥ 2 ● Decryption: first block x1 = ek −1 (y1) IV ⊕ , other blocks xi = ek −1 (yi) y ⊕ i-1, i ≥ 2
  • 24. CBC - Substitution attack 24 Assume the previous attack on ECB, when does it and does not work for CBC? Answer: ❖ It works if the IV is kept the same for several transfers. ❖ It does not work if IV is properly chosen for every transfer, then CBC becomes a probabilistic encryption scheme.
  • 25. OFB - Encryption / Decryption ● Build synchronous stream cipher from block cipher ● Keystream generated blockwise, instead of bitwise 25 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Encryption ○ first block s1 = ek(IV) and y1 = s1 x ⊕ 1 ○ other blocks si = ek(si-1) and yi = si x ⊕ i, i ≥ 2 ● Decryption ○ first block s1 = ek(IV) and x1 = s1 y ⊕ 1 ○ other blocks si = ek(si-1) and xi = si y ⊕ i, i ≥ 2
  • 26. CFB - Encryption / Decryption ● Build asynchronous stream cipher from block cipher ● Keystream generated blockwise and is also a function of the ciphertext 26 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Encryption ○ first block y1 = ek(IV) x ⊕ 1 ○ other blocks yi = ek(yi-1) x ⊕ i, i ≥ 2 ● Decryption ○ first block x1 = ek(IV) y ⊕ 1 ○ other blocks xi = ek(yi-1) s ⊕ i, i ≥ 2
  • 27. CTR - Encryption / Decryption ● Build asynchronous stream cipher from block cipher ● Keystream generated blockwise ● Input is a counter that assumes a different value every new keystream block ● In contrast to OFB, CFB encryption/decryption can be parallelized ● Suitable for high throughput and fast implementations, e.g. network routers 27 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl ● Encryption: yi = ek(IV || CTRi) ⊕ xi, i ≥ 1 ● Decryption: xi = ek −1 (IV || CTRi) ⊕ yi, i ≥ 1
  • 28. GCM - Overview ● Provides three additional services to encryption/confidentiality ○ Message Authentication: Message received from original sender ○ Message Integrity: Message not tampered during transmission ○ Additional Authenticated Data (AAD): Not encrypted in this mode of operation. In practice, the AAD string might include addresses and parameters of a network protocol 28 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
  • 29. Content ● Overview ● Modes of Operation ● Increasing Security of Block Ciphers ● Challenges of Symmetric Cryptography 29
  • 30. Intermezzo! Brute force revisited ● An exhaustive search for DES knowing one pair (m1,c1) DESk (i) (m1) ≟ c1, i = 1,...,256 ● However, brute force can produce false positive results ○ The likelihood of false positives related to the relative size of plaintext and ciphertext spaces ○ An attack is still possible, but several pairs plaintext-ciphertext are needed 30 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl m1 c1 plaintext space ciphertext space DESk (1) (m1) … DESk (2) (m1) DESk (2^56) (m1)
  • 31. Intermezzo! Brute force example ● Assume a cipher with block size 64-bit and key size 80-bit ● Encrypting m1 with all possible keys yields 280 ciphertexts, however only 264 different ciphertexts exist ● Checking all keys for a pair (m1,c1), we find on average 280 /264 =216 keys that perform the mapping enck(m1) = c1 31 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl Generalization: Given a block cipher block size of n bits, a key size of k bits and t plaintext–ciphertext pairs (x1, y1), ... , (xt , yt), the expected number of false keys which encrypt all plaintexts to the corresponding ciphertexts is 2k−tn ● Assuming two pairs in the example, the likelihood for false key is 280-2*64 = 2-48
  • 32. Approaches to increase security in Block ciphers ● In some situations we wish to increase the security of block ciphers, e.g., if a cipher such as DES is available in hardware or software for legacy reasons in a given application ● Two approaches are possible ○ Multiple encryption ○ Key whitening 32 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
  • 33. Multiple encryption - Double encryption ● A plaintext m is first encrypted with a key k1, and the resulting ciphertext is encrypted again using a second key k2 ● Assuming a key length of n bits, an exhaustive key search would require 2n *2n = 22n encryptions or decryptions 33 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl Enc() m k1 Enc() m k2
  • 34. Reminder! DES - Meet-in-the-Middle Attack ● Requires 2k + 2k = 2k+1 operations, for given pair (m, c) ● Phase I ○ Brute force the left encryption for all k ○ Compute a lookup table with 2k entries (each n+k bits) ● Phase II ○ Brute force the right encryption for all k ○ Check, enc(k1,i,m) ≟ dec(k2,j,c) 34 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl Note! Double encryption is not much more than single encryption.
  • 35. Multiple encryption - Triple encryption ● Reminder! 3DES ● Encrypt a block three times c = enc(k3,enc(k2, (enc(k1,m))) ● In practice a variant scheme is often used c = enc(k3,dec(k2, (enc(k1,m))) ● A Meet-in-the-Middle attack is still possible, and it reduces the effective key size of triple encryption from 3k to 2k Check ⇒ enc(k1,i to 2^n,m) ≟ dec(k2,j to 2^n, dec(k3,m to 2^n,c)), for n := key size 35 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl Note! Triple encryption doubles the key size.
  • 36. Key whitening ● In addition to the main k, two whitening keys k1 and k2 are used to XOR- mask the plaintext and ciphertext ● It does not increase security against most analytical attacks, such as linear and differential cryptanalysis ● It is not a solution for ciphers that are inherently weak ● The additional computational load is negligible ● Its’ main application are ciphers that are relatively strong against analytical attacks, but possess a short key space, e.g. DES, called DESX 36 Chapter 5 of Understanding Cryptography by Christof Paar and Jan Pelzl
  • 37. Content ● Overview ● Modes of Operation ● Increasing Security of Block Ciphers ● Challenges of Symmetric Cryptography 37
  • 38. Challenges of Symmetric Cryptography ● Secret key(s) need to be exchanged securely before communication ● With n communication partners, (n * (n−1)) / 2 keys are needed 38 Alice Bob kAB David kAD kBD Lola kDL kBL kAL
  • 39. 39