Chapter 3: Secret Key Cryptography

1
Chapter 3 Secret Key Cryptography

• CS 472 Fall 2012

2
General Block Encryption

• The general way of encrypting a 64-bit block is
  to take each of the 264 input values and map it
  to a unique one of the 264 output values. This
  would take (264 )(64) 270  bits. NOT
  practical.
• Secret key cryptographic systems take a
  reasonable length key (e.g., 64 bits) and
  generate a one-to-one mapping that appears, to
  someone who does not know the key, as completely
  random. I.e., any single bit change in the input
  results in a totally independent random number
  output.

3
Types of transformation for k-bit blocks

• Substitution Specify for each of the 2k possible
  values of the input, the k-bit output. This takes
  k.2k bits. This is reasonable for k8.
• Permutation Specify for each of the k input
  bits, the output position to which it goes. This
  takes klog2 k bits.
• Figure 3-1 shows a secret key algorithm based on
  rounds of substitution and permutation. If we do
  only a single  round, then a bit of input can
  only affect 8 bits of output. There is an optimal
  number of rounds to achieve complete
  randomization. The algorithm take the same effort
  to reverse (decrypt).

4
(No Transcript)
5
Data Encryption Standard (DES)

• Key length 56 8 parity bits 64 bits
• 8 bits are used for parity check, why is that?
  Possible reason to make it 256 times less secure
  against exhaustive search! read p. 63 in the
  textbook.
• How secure is DES? In 1998, 150K machine can
  break the key in 5 days! For added security,
  triple DES is 256 more secure.

6
(No Transcript)
7
(No Transcript)
8
(No Transcript)
9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
(No Transcript)
14
Why decryption works?

• o        The output of the mangler Function  (M)
  is the same for both encryption and decryption.
• o        In encryption M Ln Rn1
• o        In decryption M Rn1 M ( M Ln )
  Ln

15
The Mangler Function  (Figure 3-7)

• Expands R from 32 bits to 48 bits as shown in Fig
  3-7
• It breaks R into eight 4-bit chunks and expand
  each to 6-bit by concatenating the adjacent  2
  bits. Let CRi refer to chunk i of expanded R. The
  48-bit K is broken to eight 6-bit chunks. 
• Let CKi refer to chunk i of  K. Let Si  CRi
  Cki Si is fed into an S-box, a substitution
  which produces a 4-bit output for each possible
  6-bit input as shown in Figure 3-8
• The 8 S-boxes specified  in Figures 3-9 to 3-16.
• The 4-bit output of each of the eight S-boxes is
  permuted as shown in Figure 3-17 (it has security
  value to ensure that the output of an S-box in
  one round affects the input of multiple S-boxes
  on the next round)

16
Mangler Function in DES
17
Mangler Function

• 48-bit Key and the expanded 48-bit R are broken
  into 8 chunks of 6-bits each.

18
(No Transcript)
19


20
International Data Encryption Algorithm (IDEA)

• Encrypts 64-bit blocks using 128-bit key. It is
  similar to DES since it
• operates in rounds
• the mangler function runs in the same direction
  for both encryption and decryption
• It differs from DES since
• Designed to be efficient in software (as opposed
  to DESs hardware orientation)
• The encryption and decryption keys are different
  but related in a complex manner.

21
(No Transcript)
22
IDEA primitive operations

•    exclusive OR   addition mod 216 and x 
  multiplication mod 2161
• These operations are reversible
• a K A        A K    a           since  
  (a K) K   a a K A         A (-K)
  a         since   (a K) (-K) a a x K
  A         A x (K-1) a        since (a x K) x
  (K-1) a K-1 is the multiplicative inverse of K
  such that K K-1 1 mod (2161)
• Example Consider 24 instead of 216. K 1101
  -K0000-11010011, a1001, K-1 0100 (Since
  41352 1317 (17 241) Euclids algorithm
  sec 7.4)
• a K0100 (a K) K1001
• aK 0110 (aK)(-K)1001
• axK 913 mod 1715 (axK)xK-1mod 17 60 mod 17
  9 a

23
Key Expansion (Encryption)

• The 128-bit key is expanded into 52  16-bit keys
  K1, K2 , ....K52. Step 1 Keys K1.K8 are
  generated by taking 8 chunks of 16-bits each
• Step 2 Keys K9K16 are generated by starting
  from the 25th bit, wrapping around the first 25
  bits at the end, and taking 16-bit chunks.
• Step 3 Wrap around 25 more bits to the end, and
  generate keys K17K24.
• This process is repeated until all keys K1K52
  are generated

24

• X is the modified multiply operation, and is a
  modified add.
• To get the original values back, the inverse of
  Ka is used for X and Xb (mod 216) for . (16-bit
  keys 64-bit data broken up into 4 16-bit blocks
  Xa, Xb, Xc, Xd)

25
Decryption

• Same code can perform either encryption or
  decryption given different expanded keys.
• The the inverses of the encryption keys and use
  them in the opposite order (use the inverse of
  the last-used encryption key as the first used
  used when doing encryption).
• Since the last encryption round (an odd-round)
  used keys K49,K50,K51,K52,
• The first decryption round uses the inverses of
  the keys K49-K52.

26
Even Round (Figure 3-22)
27
Advanced  Encryption Standard (AES)

• Developed with the help of NIST as an efficient,
  flexible, secure and unencumbered (free to
  implement) standard  for protecting sensitive non
  classified, U.S. government information.
• NIST selected an algorithm called Rijndael (named
  after two Belgium cryptographers Rijmen
  Daemen).
• It uses a variety of block and key sizes (mainly
  128, 192 and 256) and the standards are named
  AES-128, AES-192, AES-256! (block sizes are
  fixed in all to 128 bits).
• It is similar to DES and IDEA in that there are
  rounds and key expansion.

28
Basic Structure (Figure 3-23)
29
AES Parameters

• Nb is the number of 32-bit words in an
  encryption  block. E.g., for AES-128 Nb 4.
• Nk is the number of 32-bit words in an
  encryption key. E.g., for AES-128 Nk 4.
• Nr is the number of rounds. It should be large
  enough to allow sufficient mixing so that each
  bit of a plain text block or a key has a complex
  effect on each bit of the resulting cipher text.
• Nr 6 Max (Nb, Nk), E.g., for AES-128 Nr
  10.

30
Primitive Operations

• XOR
• Octet-Substitution (S-box) (see Figure 3-24)
• A rearrangement of octets (rotating rows and
  columns).
• An operation called MixColumn  Replace a column
  with another. Each octet of the input column is
  used as index to retrieve a column from a table
  (see Figure 3-26). each retrieved column is
  rotated and the four rotated columns are 'd
  together to produce the output column (see Figure
  3-25) nibble 4 bits

31
(No Transcript)
32
(No Transcript)
33
(No Transcript)
34
Inverse Cipher

•     is its own inverse
•     The inverse of S-box is given by a different
  table (Fig 3-27)
•    The inverse of rotating is another rotation
  in the opposite direction.
•    The inverse of MixColumn is called
  InvMixCoumn is just like MixColumn using a
  different table (Fig 3-28).

35
Key Expansion

• Arrange the key as Nk columns and iteratively
  generate the next Nk columns (see Figure 3-29
  and 3-30). The Ci  are constants  defined  in
  Figure 3-31.

36
(No Transcript)
37
(No Transcript)
38
Rounds

• Each round is an identical sequence of 3
  operations 1. Each octet of the state has the
  S-box applied. 2. For AES-128     Row  i of
  the state  is rotated  left i columns (i0, 1, 2,
  3). 3. Each column of the state has MixColumn
  applied to it     (The last round omits this
  operation).

39
Inverse Rounds

• Since each operation is invertible, decryption
  can be done by performing the inverse of each
  operation in the opposite order and using the
  round keys in the reverse order.

40
RC4

• Ron Rivest (of the famous RCA) is the inventor
• A long random string is  called a one-time pad.
  A stream cipher generates a one-time pad and
  applies it to a stream of plain text with . RC4
  is a stream cipher designed by Ron Rivest. Page
  93 gives a C code for RC4 one-time pad generator.

41
(No Transcript)