Symmetric encryption principles


Security depends on the secrecy of the key, not the algorithm
A good algorithm is a good trade-off between security and efficiency

Stream ciphers


Stream ciphers: RC4

• Designed by Ron Rivest, 1987
• Variable key size, byte-oriented operation
• Used in SSL, WEP, WPA etc.
• Efficient to implement in software, relatively

/* Initialization */
for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod keylen];
/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
    j = (j + S[i] + T[i]) mod 256;
    Swap(S[i], S[j]);
/* Stream Generation */
i = 0; j = 0;
while (true)
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    Swap(S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    k = S[t];    /* next keystream byte */
• Weaknesses:
1. Bias in initial output: $\Pr[\text{2nd byte} = 0] = 2/256$
2. Prob. of (0,0) is $1/256^2 + 1/256^3$

Block ciphers

Overview

• A block cipher processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block

• Components:
◦ Block size
◦ Key size
◦ Number of rounds
◦ Subkey generation algorithm
◦ Round function

Feistel network

• General structure used by symmetric block ciphers
• All rounds have the same structure
• Decryption process is exactly the inverse of encryption. (Why?)

$$LD_1 = RD_0 = LE_{16} = RE_{15}$$

$$\begin{aligned}
RD_1 &= RE_{16} \oplus F_{k_{16}}(LE_{16}) \\
     &= (LE_{15} \oplus F_{k_{16}}(RE_{15})) \oplus F_{k_{16}}(LE_{16}) \\
     &= (LE_{15} \oplus F_{k_{16}}(RE_{15})) \oplus F_{k_{16}}(RE_{15}) \\
     &= LE_{15}
\end{aligned}$$

• $LE_i = RE_{i-1}$
  $RE_i = LE_{i-1} \oplus F(RE_{i-1})$

DES

• A 16-round Feistel network
• It is a "block" cipher with a key length of 56 bits.
• It was designed by IBM in 1976 for the National Bureau of Standards (NBS), with approval from the National Security Agency (NSA).
• It was used as a standard for encryption until 2000.
• A new encryption standard was adopted in 2000 as a replacement for DES.
• The same 56-bit cipher key is used for both encryption and decryption
• The original 56-bit key is expanded into 16 48-bit round keys
• DES takes a 64-bit plaintext and creates a 64-bit ciphertext
• Initial permutation and final permutation

• Rounds:
◦ F, the function
    • Expansion
    • Key
    • S-box


3DES

• The analysis of the security properties of DES is outside the scope of this course.
• 1997: DES broken by exhaustive search
• 3DES was incorporated as part of the Data Encryption Standard in 1999 with the publication of FIPS 46-3

AES

• A replacement for DES was needed because DES is subject to exhaustive key search attacks.
• US NIST issued call for ciphers in 1997
• 15 candidates accepted in Jun 98
• 5 were shortlisted in Aug-99
• Rijndael was selected as the AES in Oct-2000
• Issued as FIPS PUB 197 standard in Nov-2001
• A private key symmetric block cipher
• 128-bit plaintext block, 128/192/256-bit keys
• Stronger & faster than "Triple-DES"
• Active life of 20-30 years
• Efficient in both software and hardware implementations
• Simple in design
• Suitable for smart cards (memory requirement)
• An initial round-key addition
• 9/11/13 rounds, corresponding to 128/192/256-bit keys
• A final round, similar to the other rounds but without the mix-column operation

• Round Function: ByteSub
• Multiplicative inverse in $GF(2^8)$ is used












