1 Symmetric-Key Encryption - PowerPoint Presentation

Slide1

1

Symmetric-Key Encryption

CSE 5351: Introduction to Cryptography

Reading assignment:

Chapter 2

Chapter 3 (sections 3.1-3.4)

You may skip proofs, but are encouraged to read some of them.Slide2

2

Computational Difficulty (One-Way Functions)

Pseudorandom

Generators

And Functions

Zero-Knowledge

Proof Systems

Encryption

Schemes

Crypto

Protocols

Sign/MAC/hash

Schemes

APPLICATIONS (security)

This course:Slide3

3Slide4

4Slide5

5Slide6

6Slide7

7Slide8

8Slide9

9Slide10

10Slide11

11Slide12

12Slide13

13Slide14

14Slide15

Vigenère Cipher

15Slide16

16Slide17

17Slide18

18Slide19

19Slide20

20Slide21

21Slide22

22Slide23

23Slide24

24Slide25

25Slide26

26Slide27

27Slide28

28Slide29

29Slide30

30Slide31

31Slide32

32Slide33

Stream Ciphers

Encryption schemes using pseudorandom generators

33Slide34

34Slide35

35Slide36

36Slide37

37Slide38

38Slide39

39Slide40

40Slide41

41Slide42

42Slide43

43Slide44

44Slide45

45Slide46

46Slide47

47Slide48

48

Distinguisher

DSlide49

49Slide50

50Slide51

51Slide52

52Slide53

53Slide54

54Slide55

55Slide56

Security of RC4

RC4 is not a truly pseudorandom generator.

The

keystream

generated by RC4 is biased.

The second byte is biased toward zero with high probability.The first few bytes are strongly non-random and leak information about the input key.

Defense: discard the initial n bytes of the keystream.

Called “RC4-drop[n-bytes]”.Recommended values for n

= 256, 768, or 3072 bytes. Efforts are underway (e.g. the eSTREAM project) to develop more secure stream ciphers.

56Slide57

The Use of RC4 in WEP

WEP is an RC4-based protocol for encrypting data transmitted over an IEEE 802.11 wireless LAN.

WEP requires each packet to be encrypted with a separate RC4 key.

The RC4 key for each packet is a concatenation of a 40 or 104-bit long-term key and a random 24-bit R.

57

l

RC4 key: Long-term key (40 or 104 bits) R (24)

l

Header R Message CRC

encrypted

802.11

Frame:Slide58

WEP is not secure

Mainly because of its way of constructing the key

Can be cracked in a minute

http://eprint.iacr.org/2007/120.pdf

58Slide59

59Slide60

Theory of Block Ciphers

Encryption schemes using pseudorandom functions or permutationsReading: Sections 3.5-3.7 of Katz &

Lindell

60Slide61

61Slide62

62Slide63

63Slide64

64Slide65

65Slide66

66

kSlide67

67Slide68

68Slide69

69Slide70

70Slide71

71Slide72

72Slide73

73Slide74

74Slide75

75Slide76

76Slide77

77Slide78

78Slide79

79

Some properties

In CTR and OFB modes, transmission errors to a block

c

i

affect only the decryption of that block; other blocks are not affected.

useful for communications over an unreliable channel.

In CBC and CFB modes, changes to a block mi will affect

ci and all subsequent ciphertext blocks.

These modes may be used to produce message authentication codes (MAC). In CTR mode, blocks can be encrypted (or decrypted) in parallel or in a “random access” fashion.Slide80

80Slide81

81Slide82

82Slide83

83Slide84

84Slide85

85Slide86

86Slide87

87Slide88

88Slide89

Practical Block Ciphers: DES and AES

DES: Data Encryption Standard (covered in 651)AES: Advanced Encryption StandardReading: Chapter 5 of Katz/

Lindell

89Slide90

90Slide91

91Slide92

92Slide93

AES: Advanced Encryption Standard

Finite field: The mathematics used in AES.Slide94

94

AES: Advanced Encryption Standard

In1997, NIST began the process of choosing a replacement for DES and called it the

Advanced Encryption Standard

.

Requirements: block length of 128 bits, key lengths of 128, 192, and 256 bits.

In 2000,

Rijndael cipher (by Rijmen and Daemen) was selected.

An iterated cipher, with 10, 12, or 14 rounds. Rijndael allows various block lengths. AES allows only one block size: 128 bits.Slide95

95Slide96

96Slide97

97Slide98

98Slide99

99Slide100

100Slide101

101Slide102

102Slide103

A Rijndael Animation by Enrique Zabala

103