Symmetric-Key Encryption
CSE 5351: Introduction to Cryptography
Reading assignment:
Chapter 2
Chapter 3 (sections 3.1-3.4)
You may skip proofs, but are encouraged to read some of them.

This course:
Computational Difficulty (One-Way Functions)
Pseudorandom Generators and Functions
Zero-Knowledge Proof Systems
Encryption Schemes
Crypto Protocols
Sign/MAC/hash Schemes
APPLICATIONS (security)

Vigenère Cipher
Stream Ciphers
Encryption schemes using pseudorandom generators
Distinguisher D
Security of RC4
RC4 is not a truly pseudorandom generator.
The keystream generated by RC4 is biased.
The second byte is biased toward zero with high probability.
The first few bytes are strongly non-random and leak information about the input key.
Defense: discard the initial n bytes of the keystream.
Called “RC4-drop[n-bytes]”.
Recommended values for n = 256, 768, or 3072 bytes.
Efforts are underway (e.g. the eSTREAM project) to develop more secure stream ciphers.
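
The second-byte bias and the RC4-drop[n] defense described above, as an added example that is not part of the original slides: a plain RC4 implementation with a drop parameter, measured over constructed 16-byte keys. The function names, key labels and trial counts are assumptions of this example.

```python
import hashlib

def rc4_keystream(key: bytes, length: int, drop: int = 0) -> bytes:
    """Return `length` keystream bytes after discarding the first `drop` bytes."""
    # Key-scheduling algorithm (KSA): permute the state under the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA).
    i = j = 0
    out = bytearray()
    for n in range(drop + length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if n >= drop:  # RC4-drop[n]: the initial bytes are never released
            out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def second_byte_zero_rate(trials: int, drop: int = 0) -> float:
    """Fraction of keys whose second released keystream byte is 0x00."""
    zeros = 0
    for t in range(trials):
        # Constructed sample keys: 16 bytes derived from a counter label.
        key = hashlib.sha256(b"constructed-key-%d" % t).digest()[:16]
        if rc4_keystream(key, 2, drop)[1] == 0:
            zeros += 1
    return zeros / trials

if __name__ == "__main__":
    uniform = 1 / 256  # what an unbiased byte would give
    plain = second_byte_zero_rate(20000)
    dropped = second_byte_zero_rate(20000, drop=256)
    # Without dropping, the rate sits near twice the uniform value;
    # with drop=256 it falls back to about the uniform value.
    print(f"uniform       : {uniform:.5f}")
    print(f"RC4           : {plain:.5f}")
    print(f"RC4-drop[256] : {dropped:.5f}")
```
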
The Use of RC4 in WEP
WEP is an RC4-based protocol for encrypting data transmitted over an IEEE 802.11 wireless LAN.
WEP requires each packet to be encrypted with a separate RC4 key.
The RC4 key for each packet is a concatenation of a 40 or 104-bit long-term key and a random 24-bit R.
RC4 key: Long-term key (40 or 104 bits) | R (24)
802.11 Frame: Header | R | Message | CRC (figure label: encrypted)

WEP is not secure
Mainly because of its way of constructing the key
Can be cracked in a minute
http://eprint.iacr.org/2007/120.pdf
Theory of Block Ciphers
Encryption schemes using pseudorandom functions or permutations
Reading: Sections 3.5-3.7 of Katz & Lindell
Some properties
In CTR and OFB modes, transmission errors to a block c_i affect only the decryption of that block; other blocks are not affected.
Useful for communications over an unreliable channel.
In CBC and CFB modes, changes to a block m_i will affect c_i and all subsequent ciphertext blocks.
These modes may be used to produce message authentication codes (MAC).
In CTR mode, blocks can be encrypted (or decrypted) in parallel or in a “random access” fashion.

Practical Block Ciphers: DES and AES
DES: Data Encryption Standard (covered in 651)
AES: Advanced Encryption Standard
Reading: Chapter 5 of Katz/Lindell

AES: Advanced Encryption Standard
Finite field: The mathematics used in AES.

AES: Advanced Encryption Standard
In 1997, NIST began the process of choosing a replacement for DES and called it the Advanced Encryption Standard.
Requirements: block length of 128 bits, key lengths of 128, 192, and 256 bits.
In 2000, the Rijndael cipher (by Rijmen and Daemen) was selected.
An iterated cipher, with 10, 12, or 14 rounds.
Rijndael allows various block lengths.
AES allows only one block size: 128 bits.

A Rijndael Animation by Enrique Zabala