# MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

## Presentation on theme: "MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3."— Presentation transcript:

MAC Raushan

DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3 3 k1=5 0 1 f f xor 1 k2=7 0 0 =0001 xor 0001=0000 = 0 f(r,k)=(2*r+k^2)%8 f(0,7)=(2*0+7^2)%8=1 1 xor 1 CipherText 2 Round simple fiestel network 0

ECB p1p2p3p4 p1p2p3p4 PlainText Blocks 4*4=16bits 2*4=8bits c1c2c3c4 CipherText Block Cipher Encryptio n e.g. DES, AES Disadvantage: ciphertext repeats for same plaintext KKKK

ECB: example 31313131 31313131 PlainText Blocks 4*4=16bits 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3 3 k1=5 0 1 f f xor 1 k2=7 0 0 =0001 xor 0001=0000 = 0 f(r,k)=(2*r+k^2)%8 f(0,7)=(2*0+7^2)%8=1 1 xor 1 31 f f 3 k1=5 0 1 f f xor 1 k2=7 0 0 00000000 CipherText 2 Round simple fiestel network

CBC : Code Block Chaining p1p2p3p4 p1p2p3p4 PlainText Blocks c1 c2 CipherText Block cipher Encryption Algorithm (e.g. DES, AES etc.) xor Initial Vector xor c3 c4 to avoid repeating cipher text for same plaintext

Code Block Chaining: example 31313131 31313131 PlainText Blocks 7 6 CipherText xor Initial Vector= 27 xor 0 3 00110001 00100101 ————— 00010100 ————— 16 16 f f xor 5 k1=5 4 6 f f xor 1 k2=7 6 7 =0001 xor 0101=0100 = 4 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*6+5^2)%8=5 1 xor 5 =0110 xor 0001=0111 = 7 f(r,k)=(2*r+k^2)%8 f(4,7)=(2*4+7^2)%8=1 6 xor 1 76 00110001 01110110 ————— 01000111 ————— 47 47 f f xor 7 k1=5 3 7 f f xor 7 k2=7 3 0 f(r,k)=(2*r+k^2)%8 =0100 xor 0111=0011 = 3 f(7,5)=(2*7+5^2)%8=7 4 xor 7 =0111 xor 0111=0000 = 0 f(r,k)=(2*r+k^2)%8 f(3,7)=(2*3+7^2)%8=7 7 xor 7 76037603

Why Integrity Check So far we have encrypted message which gives confidentiality. But, how can we ensure that Bob is receiving correct message from Alice? that is message is not modified by Eve. This is known as Integrity Check. One way is “Message Authentication Code”

MAC In cryptography, a message authentication code (often MAC) is a short piece of information used to authentication a message and to provide integrity and authenticity assurances on the message. Integrity assurances detect accidental and intentional message changes, while authenticity assurances affirm the message's origin.

MAC MACs differ from digital signatures as MAC values are both generated and verified using the same secret key. For the same reason, MACs do not provide the property of non-repudiation offered by signatures: any user who can verify a MAC is also capable of generating MACs for other messages. In contrast, a digital signature is generated using the private key of a key pair. Since this private key is only accessible to its holder, a digital signature proves that a document was signed by none other than that holder. Thus, digital signatures do offer non-repudiation.

MAC MAC algorithms can be constructed from other cryptographic primitives, such as cryptographic hash functions (as in the case of HMAC) or from block cipher algorithms ( OMAC, CBC, PMAC). However many of the fastest MAC algorithms such as UMAC, VMAC are constructed based on universal hashing

Message Integrity Alice Bob Alice sends message m_a. Bob receives message m_b. Bob wants to verify that m_b=m_a. Eve Eve might alter message m_a to m_e

Message Authentication Code (MAC) MAC uses two algorithms: MAC Signing Algorithm (Alice signs m_a) MAC Verification Algorithm (Bob verifies if m_b=m_a)

MAC Alice Bob Alice sends message m_a and a tag using MAC signing algo [m_a, tag] Bob uses MAC verification Algo to check if m_b=m_a MAC signing Algo m_a K tag MAC verifying Algo, m_b=m_a ? m_b K tag yes/no k k Alice & Bob shares a key

MAC

Notice: we are sending message (plaintext or encrypted) and sending a tag message can be gigabits, but tag is small 90/100bits. How to generate tag? By using MAC signing Algo. One example is CBC-MAC.

MAC signing Algo: example CBC-MAC p1p2p3p4 p1p2p3p4 PlainText Blocks c1 c2 Block cipher Encryption Algorithm (e.g. DES, AES etc.) xor Initial Vector=0 xor c3 c4 tag Here, message = p1p2p3p4 tag=c3c4 Note: CBC-MAC uses IV=0 Here, message = p1p2p3p4 tag=c3c4 Note: CBC-MAC uses IV=0

CBC-MAC: example 31313131 31313131 PlainText Blocks 0 xor Initial Vector= 0 xor 0 00110001 00000000 ————— 00110001 ————— 31 31 f f xor 3 k1=5 0 1 f f xor 1 k2=7 0 0 =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 3 xor 3 =0001 xor 0001=0000 = 0 f(r,k)=(2*r+k^2)%8 f(0,7)=(2*0+7^2)%8=1 1 xor 1 00 00110001 00000000 ————— 00110001 ————— 31 31 f f xor 3 k1=5 0 1 f f xor 1 k2=7 0 0 Now, Alice sends message = 3131 and tag=00 Now, Alice sends message = 3131 and tag=00

MAC verifying Algo: example CBC-MAC Now, Bob receives message = 3131 and tag=00 Now, Bob receives message = 3131 and tag=00 Bob uses CBC-MAC and generates the tag_bob. Then checks, if tag_bob=tag. If yes, then the message is authentic otherwise tampered.

MAC It uses key Used for integrity check CBC is used for encrypting message whereas CBC- MAC is used for integrity check. It is slow. Integrity check must be fast. Another way is hash[keyless]. Hash - next class..

Similar presentations