Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Conventional Encryption: Algorithms Some of the most important symmetric.

Similar presentations


Presentation on theme: "1 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Conventional Encryption: Algorithms Some of the most important symmetric."— Presentation transcript:

1 1 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Conventional Encryption: Algorithms Some of the most important symmetric block ciphers in current use –Triple DES –IDEA –Blowfish –RC5 –CAST-128 –RC2

2 2 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Multiple Encryption with DES Double DES C = E K2 [E K1 [P]]; D = D K1 [D K2 [C]] 112 bit key is safe from brute force attack Need to examine if  K 3 s.t. E K2 [E K1 [P]] = E K3 [P] The answer is No!! (Proved in 1992) # of mappings between 64-bit blocks = 2 64 ! = DES defines one mapping for each different key, for a total # of mappings: 2 56 <10 17 –If DES is used twice with different keys, it will produce one of the many mappings that is not defined by a single application of DES Triple DES

3 3 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Meet In The Middle Attack Let X = E K1 (P). Clearly X = D K2 (C) Given a known, construct a table of size 2 56 with all values of K 1 and E K1 (P) Sort on E K1 (P) Now decrypt C with all values of K 2. Check all results against table Any match is a candidate pair –If this pair is checked with another plaintext-ciphertext pair, it can be determined with the probability (If this pair is correct with another plaintext-ciphertext pair, it is a correct key with the probability ) Total effort is O(2 56 ), not (Not much better than the 2 55 required for single DES) Triple DES

4 4 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Triple DES C = E K3 (D K2 (E K1 (P))) No cryptographic significance to middle decrypt operation –backwards compatible with existing single DES (K 1 = K 2 = K 3 ) Two-key Triple DES (K 1 = K 3 ) or three-key triple DES Security of Triple DES –no known practical attacks –brute force search impossible –meet-in-the-middle attacks need 2 56 plaintext-ciphertext pairs per key A popular current alternative Major disadvantage is speed (3x slower) Triple DES

5 5 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon International Data Encryption Algorithm (IDEA) Xuejia Lai and James Massey, ETH (Swiss Federal Institute of Technology), 1991 Patented –patent is held by Ascom-Tech –Non-commercial use of IDEA is free. Commercial licenses can be obtained by contacting Ascom-Tech Used in PGP 128-bit key, 64-bit block Variant Feistel network (not Feistel) Eight rounds + final transformation IDEA

6 6 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon IDEA Basic Operations Uses three operations. Each operation is performed on two 16-bit inputs to produce a single 16-bit output –Bit-by-bit XOR (  ) –(Unsigned 16-bit integers) addition modulo 2 16 ( ) –(Unsigned 16-bit integers) multiplication modulo (except that a block of all zeros is treated as representing 2 16 (  ) Three operations are incompatible in the sense that –No pair of the three operations satisfies a distributive law. e.g., a (b  c)  (a b)  (a c) –No pair of the three operations satisfies an associative law. e.g., a (b  c)  (a b)  c In IDEA, confusion is achieved by using these three separate operations in combination –Provides a complex transformation of the input, making cryptanalysis much more difficult (than with a DES which uses just a single XOR) IDEA

7 7 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon IDEA Basic Operations - Examples Examples for 2-bit operands IDEA

8 8 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon IDEA Basic Building Block, MA IDEA Basic building block is the Multiplication/Addition (MA) structure –F1,F2: Two 16-bit values derived from the plaintext –Z5,Z6: Two 16-bit subkeys derived from the key –G1,G2: Two 16-bit outputs In IDEA, diffusion is provided by MA –Each output bit depends on every bit of inputs (plaintext-derived inputs and subkey inputs) –This MA structure is repeated eight times, providing very effective diffusion

9 9 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Overall IDEA Encryption Structure IDEA

10 10 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Single Round of IDEA (1 st Round) IDEA Transformation Sub-encryption

11 11 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Output Transformation Stage of IDEA IDEA

12 12 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon IDEA Subkey Generation bit subkeys are generated from the 128-bit key The first eight subkeys, Z 1, Z 2, …, Z 8, are taken directly from the key Then a circular left shift of 25 bit positions is applied to the key, and the next eight keys are extracted. This procedure is repeated until all 52 subkeys are generated

13 13 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon IDEA IDEA Decryption Use the same structure (algorithm) as the encryption, but with different subkeys Decryption subkeys U 1, …, U 52 are derived from encryption subkeys

14 14 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon IDEA Encryption and Decryption Subkeys Z j -1 : multiplicative inverse; Z j  Z j -1 = 1 -Z j : additive inverse; -Z j Z j = 0

15 15 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Blowfish Designed by Bruce Schneier, 1993 Freely available (Unpatented; Royalty-free; No license required; Free source code available) Used in SSH, OpenBSD, IPSec Block cipher: 64-bit block Variable key length; 32 bits to 448 bits Fast encryption (much faster than DES and IDEA) Compact Simple Blowfish

16 16 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Subkey and S-Box Generation The key ranging from 32 bits to 448 bits (1 to bit words) is stored in a K-array: K 1, K 2, …, K j 1  j  14 The bit subkeys are stored in the P-array: P 1, P 2, …, P 18 There are 4 S-boxes, each with 8x32(=256) 32-bit entries P-array and then 4 S-boxes are initialized with fractional part of  : Blowfish S 1,0, S 1,1, …, S 1,255 S 2,0, S 2,1, …, S 2,255 S 3,0, S 3,1, …, S 3,255 S 4,0, S 4,1, …, S 4,255 P 1 = 243F6A88 16 P 2 = 85A308D3 16    S 4,254 = 578FDFE3 16 S 4,255 = 3AC372E6 16

17 17 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Subkey and S-Box Initialization P-array is XORed with K-array (reusing K-array if necessary): P 1 = P 1  K 1, P 2 = P 2  K 2, …, P j = P j  K j, P j+1 = P j+1  K 1, P j+2 = P j+2  K 2, … Then update P-array and S-boxes as follows: Where E P,S [Y] is the ciphertext produced by encrypting Y using Blowfish with the P and S arrays 521 executions in total are required to produce the final P and S arrays Blowfish P 1, P 2 = E P,S [0] P 3, P 4 = E P,S [P 1 || P 2 ]    P 17, P 18 = E P,S [P 15 || P 16 ] S 1,0, S 1,1 = E P,S [P 17 || P 18 ]    S 4,254, S 4,255 = E P,S [P 4,252 || P 4,253 ]

18 18 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Blowfish Encryption/Decryption Slight variant of classic Feistel network –L and R are both processed in each round –16 rounds –Two extra XORs at the end Blowfish          

19 19 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Single Blowfish Round Uses addition modulo 2 32 and XOR Round function processes four bytes –F(a, b, c, d) = ((S 1,a + S 2,b )  S 3,c ) + S 4,d –Followed by Feistel swap Blowfish   

20 20 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Characteristics of Blowfish Key-dependent S-Boxes Operations are performed on both halves of data Time-consuming subkey generation process –Makes it bad for rapid key switching, but makes brute force expensive Perfect avalanche effect Fast Blowfish

21 21 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon RC5 Designed by Ronald Rivest (MIT Prof.) for RSA Data Security Secret-key block cipher Parameterized algorithm Features –Data-dependent rotations –Variable block size –Variable key size –Variable number of rounds RC5

22 22 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Motivations Suitable for hardware and software Fast Adaptable to processors of different word lengths Variable number of rounds Variable-length key Simple Low memory usage High security Emphasis of data-dependent rotations RC5

23 23 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Parameterization RC5 is word-oriented –Two-word input and two-word output Representation –Word size: w (16,32,64) –Number of rounds: r (0,1, …, 255) –Number of bytes in key K: b (0,1, …, 255) –RC5 algorithm notation: RC5-w/r/b RC5 algorithm example: RC5-32/16/7 –Similar to DES –Two 32-bit word inputs and outputs –16 rounds –7-byte (56-bit) key RC5-32/12/16 –“nominal” version RC5

24 24 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Key Expansion RC5 performs complex operations on the secret key to generate a total of t subkeys, which are stored in S array, S[0],S[1], …, S[t-1] Each subkey is one word (w bits) in length Two subkeys are used in each round, and two more subkeys are used outside the r-round  t = 2r+2 In key expansion, magic constants are used –P w = Odd((e  2)2 w );e= …. (base of natural logarithms) –Q w = Odd((   1)2 w );  = …. (golden ratio = (1+sqr(5))/2) »Odd(x): odd integer nearest to x –Example RC5 w P w B7E1 B7E15163 B7E151628AED2A6B Q w 9E37 9E3779B9 9E3779B97F4A7C15

25 25 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Key Expansion Algorithm Step-1: Convert secret key bytes to words –b byte key K, (K[0], K[1], …, K[b-1]) is converted to word array L[0], L[1], …, L[c-1] Step-2: Initialize subkey array S (S[0], S[1], …, S[t-1]) S[0] = P w ; for i=1 to t-1 do s[i] = s[i-1] + Q w ; Step-3: Mix the secret key into subkey array S RC5 i=j=X=Y=0; Do 3*max(t, c) times: X=S[i]=(S[i]+X+Y)<<<3; Y=L[j]=(L[j]+X+Y)<<<(X+Y); i=(i+1) mod t; j=(j+1) mod c; Note: <<<  cyclic rotate left

26 26 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon RC5 Key Expansion RC5

27 27 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon RC5 Encryption RC5 LE 0 = A + S[0]; RE 0 = B + S[1]; for i = 1 to r do LE i = ((LE i-1  RE i-1 ) <<< RE i-1 ) + S[2i]; RE i = ((RE i-1  LE i ) <<< LE i ) + S[2i+1];     RC5 uses 3 primitive operations –Addition, Subtraction (of words): modulo 2 w –Bitwise XOR –Left, right circular rotation Encryption

28 28 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon RC5 Decryption RC5 for i = r downto 1 do RD i-1 = ((RD i – S[2i+1] >>> LD i )  LD i ) ; LD i-1 = ((LD i – S[2i] >>> Rd i-1 )  RD i-1 ) ; B = RD 0 - S[1]; A = LD 0 - S[0];  

29 29 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon CAST-128 Developed by Carlisle Adams and Stafford Tavares Used in IPSec 64-bit block, 40- to 128-bit keys (in 8-bit increments) Classical Feistel network structure –Sixteen rounds –Two subkeys per round, one 32-bit (Km i ), one 5-bit (Kr i ) –Three different round functions –Four operations: addition(+) and subtraction(-) modulo 2 32, XOR, and (variable) circular left rotate (<<<) –5-bit subkey (Kr i ) determines rotate amount Encryption Decryption: same as encryption with the keys applied in reverse order CAST-128 L 0 ||R 0 = Plaintext for i = 1 to 16 do L i = R i-1 R i = L i-1  F i [R i-1, Km i, Kr i ]; Ciphertext = L 16 ||R 16

30 30 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon CAST-128 Round Function F CAST-128 Rounds 1,4 I=(Km i + R i-1 )<<

31 31 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon CAST-128 S-Boxes CAST-128 uses 8 S-boxes Four of these, S-box 1 thru S-box 4 are used in the encryption/decryption process S-box 5 thru S-box 8 are used in the subkey generation S-boxes contain fixed (predefined) values Each S-box contains bit values CAST-128

32 32 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon CAST-128 Subkey Generation Label the 128-bit (16-byte) key as: x0x1x3x4x5x6x7x8xAxBxCxDxExF Symbol Definitions Km 1, …, Km 16 Sixteen 32-bit masking subkeys (one per round) Kr 1, …, Kr 16 Sixteen 32-bit rotate subkeys (one per round), of which only the least significant 5 bits of each are used z0, …, zFIntermediate (temporary) bytes K 1, …, K 32 Intermediate (temporary) words K 1 thru K 32 are calculated from the key using S-boxes 5 thru 8 (See next pages) Then subkeys are defined as for i = 1 to 16 do Km i = K i ; Kr i = K 16+i ; CAST-128

33 33 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon z0z1z2z3 = x0x1x2x3  S5[xD]  S6[xF]  S7[xC]  S8[xE]  S7[x8] z4z5z6z7 = x8x9xAxB  S5[z0]  S6[z2]  S7[z1]  S8[z3]  S8[xA] z8z9zAzB = xCxDxExF  S5[z7]  S6[z6]  S7[z5]  S8[z4]  S5[x9] zCzDzEzF = x4x5x6x7  S5[zA]  S6[z9]  S7[zB]  S8[z8]  S6[xB] K1 = S5[z8]  S6[z9]  S7[z7]  S8[z6]  S5[z2] K2 = S5[zA]  S6[zB]  S7[z5]  S8[z4]  S6[z6] K3 = S5[zC]  S6[zD]  S7[z3]  S8[z2]  S7[z9] K4 = S5[zE]  S6[zF]  S7[z1]  S8[z0]  S8[zC] x0x1x2x3 = z8z9zAzB  S5[z5]  S6[z7]  S7[z4]  S8[z6]  S7[z0] x4x5x6x7 = z0z1z2z3  S5[x0]  S6[x2]  S7[x1]  S8[x3]  S8[z2] x8x9xAxB = z4z5z6z7  S5[x7]  S6[x6]  S7[x5]  S8[x4]  S5[z1] xCxDxExF = zCzDzEzF  S5[xA]  S6[x9]  S7[xB]  S8[x8]  S6[z3] K5 = S5[x3]  S6[x2]  S7[xC]  S8[xD]  S5[x8] K6 = S5[x1]  S6[x0]  S7[xE]  S8[xF]  S6[xD] K7 = S5[x7]  S6[x6]  S7[x8]  S8[x9]  S7[x3] K8 = S5[x5]  S6[x4]  S7[xA]  S8[xB]  S8[x7] z0z1z2z3 = x0x1x2x3  S5[xD]  S6[xF]  S7[xC]  S8[xE]  S7[x8] z4z5z6z7 = x8x9xAxB  S5[z0]  S6[z2]  S7[z1]  S8[z3]  S8[xA] z8z9zAzB = xCxDxExF  S5[z7]  S6[z6]  S7[z5]  S8[z4]  S5[x9] zCzDzEzF = x4x5x6x7  S5[zA]  S6[z9]  S7[zB]  S8[z8]  S6[xB] K9 = S5[z3]  S6[z2]  S7[zC]  S8[zD]  S5[z9] K10 = S5[z1]  S6[z0]  S7[zE]  S8[zF]  S6[zC] K11 = S5[z7]  S6[z6]  S7[z8]  S8[z9]  S7[z2] K12 = S5[z5]  S6[z4]  S7[zA]  S8[zB]  S8[z6] x0x1x2x3 = z8z9zAzB  S5[z5]  S6[z7]  S7[z4]  S8[z6]  S7[z0] x4x5x6x7 = z0z1z2z3  S5[x0]  S6[x2]  S7[x1]  S8[x3]  S8[z2] x8x9xAxB = z4z5z6z7  S5[x7]  S6[x6]  S7[x5]  S8[x4]  S5[z1] xCxDxExF = zCzDzEzF  S5[xA]  S6[x9]  S7[xB]  S8[x8]  S6[z3] K13 = S5[x8]  S6[x9]  S7[x7]  S8[x6]  S5[x3] K14 = S5[xA]  S6[xB]  S7[x5]  S8[x4]  S6[x7] K15 = S5[xC]  S6[xD]  S7[x3]  S8[x2]  S7[x8] K16 = S5[xE]  S6[xF]  S7[x1]  S8[x0]  S8[xD] CAST-128 Subkey Generation CAST-128

34 34 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon z0z1z2z3 = x0x1x2x3  S5[xD]  S6[xF]  S7[xC]  S8[xE]  S7[x8] z4z5z6z7 = x8x9xAxB  S5[z0]  S6[z2]  S7[z1]  S8[z3]  S8[xA] z8z9zAzB = xCxDxExF  S5[z7]  S6[z6]  S7[z5]  S8[z4]  S5[x9] zCzDzEzF = x4x5x6x7  S5[zA]  S6[z9]  S7[zB]  S8[z8]  S6[xB] K17 = S5[z8]  S6[z9]  S7[z7]  S8[z6]  S5[z2] K18 = S5[zA]  S6[zB]  S7[z5]  S8[z4]  S6[z6] K19 = S5[zC]  S6[zD]  S7[z3]  S8[z2]  S7[z9] K20 = S5[zE]  S6[zF]  S7[z1]  S8[z0]  S8[zC] x0x1x2x3 = z8z9zAzB  S5[z5]  S6[z7]  S7[z4]  S8[z6]  S7[z0] x4x5x6x7 = z0z1z2z3  S5[x0]  S6[x2]  S7[x1]  S8[x3]  S8[z2] x8x9xAxB = z4z5z6z7  S5[x7]  S6[x6]  S7[x5]  S8[x4]  S5[z1] xCxDxExF = zCzDzEzF  S5[xA]  S6[x9]  S7[xB]  S8[x8]  S6[z3] K21 = S5[x3]  S6[x2]  S7[xC]  S8[xD]  S5[x8] K22 = S5[x1]  S6[x0]  S7[xE]  S8[xF]  S6[xD] K23 = S5[x7]  S6[x6]  S7[x8]  S8[x9]  S7[x3] K24 = S5[x5]  S6[x4]  S7[xA]  S8[xB]  S8[x7] z0z1z2z3 = x0x1x2x3  S5[xD]  S6[xF]  S7[xC]  S8[xE]  S7[x8] z4z5z6z7 = x8x9xAxB  S5[z0]  S6[z2]  S7[z1]  S8[z3]  S8[xA] z8z9zAzB = xCxDxExF  S5[z7]  S6[z6]  S7[z5]  S8[z4]  S5[x9] zCzDzEzF = x4x5x6x7  S5[zA]  S6[z9]  S7[zB]  S8[z8]  S6[xB] K25 = S5[z3]  S6[z2]  S7[zC]  S8[zD]  S5[z9] K26 = S5[z1]  S6[z0]  S7[zE]  S8[zF]  S6[zC] K27 = S5[z7]  S6[z6]  S7[z8]  S8[z9]  S7[z2] K28 = S5[z5]  S6[z4]  S7[zA]  S8[zB]  S8[z6] x0x1x2x3 = z8z9zAzB  S5[z5]  S6[z7]  S7[z4]  S8[z6]  S7[z0] x4x5x6x7 = z0z1z2z3  S5[x0]  S6[x2]  S7[x1]  S8[x3]  S8[z2] x8x9xAxB = z4z5z6z7  S5[x7]  S6[x6]  S7[x5]  S8[x4]  S5[z1] xCxDxExF = zCzDzEzF  S5[xA]  S6[x9]  S7[xB]  S8[x8]  S6[z3] K29 = S5[x8]  S6[x9]  S7[x7]  S8[x6]  S5[x3] K30 = S5[xA]  S6[xB]  S7[x5]  S8[x4]  S6[x7] K31 = S5[xC]  S6[xD]  S7[x3]  S8[x2]  S7[x8] K32 = S5[xE]  S6[xF]  S7[x1]  S8[x0]  S8[xD] CAST-128 Subkey Generation CAST-128

35 35 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon CAST-128 S-Box S1 CAST-128 S-Box S1 30fb40d4 9fa0ff0b 6beccd2f 3f258c7a 1e213f2f 9c004dd3 6003e540 cf9fc949 bfd4af27 88bbbdb5 e d e63a0e0 15c361d2 c2e7661d 22d4ff8e 28683b6f c07fd059 ff2379c8 775f50e2 43c340d3 df2f ca41a a2d2bd2d a1c9e0d6 346c b76d f2f 2abe32e1 aa54166b 22568e3a a2d341d0 66db40c8 a784392f 004dff2f 2db9d2de 97943fac 4a97c1d b7 b5f437a7 b82cbaef d751d159 6ff7f0ed 5a097a1f 827b68d0 90ecf52e 22b0c054 bc8e5935 4b6d2f7f 50bb64a2 d bee5812d b e93b159f b48ee411 4bff345d fd45c240 ad31973f c4f6d02e 55fc8165 d5b1caad a1ac2dae a2d4b76d c19b0c f2 0c6e4f38 a4e4bfd7 4f5ba c1d2f c59c5319 b949e354 b04669fe b1b6ab8a c71358dd 6385c f935d 57538ad5 6a e63d37e0 2a54f6b3 3a787d5f 6276a0b5 19a6fcdf 7a42206a 29f9d4d5 f61b1891 bb72275e aa c6b505eb 84c7cb8c 2ad75a0f 874a1427 a2d1936b 2ad286af aa56d291 d c750d 93b39e c9 6c00b32d 73e2bb14 a0bebc3c eab 3f328b cf82 59a2cea6 04ee002e 89fe78e6 3fab ff6c f c5c8 76cb5ad6 d49974c9 ca180dcf d5 c7fa5cf6 8ac e79e13 47da91d0 f40f9086 a7e2419e ef495 aa573b04 4a805d8d d a3c bf64cddf ba57a68e 75c6372b 50afd341 a7c a0bf5 6b54bfab 2b0b1426 ab4cc9d7 449ccd82 f7fbf265 ab85c5f3 1b55db94 aad4e324 cfa4bd3f 2deaa3e2 9e204d02 c8bd25ac eadf55b3 d5bd9e98 e31231b2 2ad5ad6c de adbe4528 d8710f69 aa51c90f aa786bf f1e aa51a79b 2ad344cc 7b5a41f0 d37cfbad 1b ece491 b4c332e d4 c9600acc ce387e6d bf6bb16c 6a70fb78 0d03d9c9 d4df39de e01063da 4736f464 5ad328d8 b347cc96 75bb0fc bfb 4ffbcc35 b58bcf6a e11f0abc bfc5fe4a a70aec10 ac39570a 3f04442f 6188b153 e0397a2e 5727cb79 9ceb418f 1cacd68d 2ad37c cb9d c69dff09 c75b65f0 d9db40d8 ec0e ead4 b11c3274 dd24cb9e 7e1c54bd f01144f9 d2240eb1 9675b3fd a3ac3755 d47c27af 51c85f4d a5bb15e f0 ca042cf1 011a37ea 8dbfaadb 35ba3e4a 3526ffa0 c37b4d09 bc306ed9 98a f725 ff5e569d 0ced63d0 7c63b2cf 700b45e1 d5ea50f1 85a92872 af1fbda7 d a7870bf3 2d3b4d79 42e cd0ede db8 f881814c 474d6ad7 7c0c5e5c d b7298 f5d2f4db ab e2f1e c9e bd91e046 9a56456e dc39200c 20c8c bda1c e1e696ff b141ab08 7cca89b9 1a69e783 02cc4843 a2f7c ef47d 427b169c 5ac9f049 dd8f0f00 5c8165bf

36 36 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon RC2 Developed by Ron Rivest (RSA Data Security) 64-bit block cipher Variable key size (from one byte up to 128 bytes) Designed to be easy to implement on 16-bit microprocessor –Use 16-bit word, 16-bit arithmetic (addition, XOR, AND, ~, rotate) Non-Feistel 18 rounds (mixing/mashing) Used in S/MIME RC2

37 37 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon RC2 Key Expansion RC2 assumes 128 (64 word) byte key buffer –For byte operation, key array is L[0], …, L[127]; each L[i] is a byte –For word operation, key array is K[0], …, K[63]; each K[i] is a 16-bit word –These are alternative views of the same key buffer Key expansion –Assume that exactly T bytes of key are supplied, 1  T  128 –The purpose of key expansion algorithm is to modify the key buffer so that each bit of the expanded key depends in a complicated way on every bit of the supplied input key –Key expansion begins by placing the supplied T-byte key into bytes L[0], …, L[T-1] of the key buffer –L array is then computed making use of an auxiliary array P –P array is a random permutation of values of 0,…,255, which is constructed based on  = … (See next page) –The computation is RC2 for i = T to 127 do L[i] = P[L[i-1] + L[i-T]]; L[128-T] = P[L[128-T]] For i = 127 – T down to 0 do L[i]=P[L[i+1]  L[i+T]];

38 38 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon PiTable (P-array) RC2 Here is the P array in hexadecimal notation: a b c d e f 00: d9 78 f9 c4 19 dd b5 ed 28 e9 fd 79 4a a0 d8 9d 10: c6 7e b e 62 4c b fb a2 20: 17 9a 59 f5 87 b3 4f d 8d d 32 30: bd 8f 40 eb 86 b7 7b 0b f c 6b 4e 82 40: 54 d ce 60 b2 1c c0 14 a7 8c f1 dc 50: ca 1f 3b be e4 d1 42 3d d4 30 a3 3c b : 6f bf 0e da f2 1d 9b bc : f8 11 c7 f6 90 ef 3e e7 06 c3 d5 2f c8 66 1e d7 80: 08 e8 ea de ee f7 84 aa 72 ac 35 4d 6a 2a 90: 96 1a d2 71 5a b 9f d0 5e a4 ec a0: c2 e0 41 6e 0f 51 cb cc af 50 a1 f b0: 99 7c 3a b8 b4 7a fc b c0: 2d 5d fa 98 e3 8a 92 ae 05 df c ba c9 d0: d3 00 e6 cf e1 9e a8 2c f 58 e2 89 a9 e0: 0d b ab 33 ff b0 bb 48 0c 5f b9 b1 cd 2e f0: c5 f3 db 47 e5 a5 9c 77 0a a fe 7f c1 ad

39 39 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon RC2 Encryption Encryption algorithm takes a 64-bit input stored in R[0], R[1], R[2], R[3], and places the result back in R[0] thru R[3]. Algorithm consists of 18 rounds of two types: mixing and mashing Mixing round: RC2 R[0] = R[0] + K[j] + (R[3] & R[2]) + ((~R[3] & R[1]); R[0] = R[0] <<< 1; j = j + 1; R[1] = R[1] + K[j] + (R[0] & R[3]) + ((~R[0] & R[2]); R[1] = R[1] <<< 2; j = j + 1; R[2] = R[2] + K[j] + (R[1] & R[0]) + ((~R[1] & R[3]); R[2] = R[2] <<< 3; j = j + 1; R[3] = R[3] + K[j] + (R[2] & R[1]) + ((~R[2] & R[0]); R[3] = R[3] <<< 5; j = j + 1; Here j is the global variable; K[j] is the first subkey word that has not yet been used

40 40 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon RC2 Encryption Mashing round RC2 1.Initialize j to zero 2.Perform five mixing rounds (j = 20) 3.Perform one mashing round 4.Perform six mixing rounds (j = 44) 5.Perform one mashing round 6.Perform five mixing rounds (j=64) Decryption: Inverse operation of encryption with the keys used in reverse order RC2 R[0] = R[0] + K[R[3] & 63]; R[1] = R[1] + K[R[0] & 63]; R[2] = R[2] + K[R[1] & 63]; R[3] = R[3] + K[R[2] & 63];

41 41 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Characteristics of Advanced Block Ciphers Variable key length –Blowfish, RC5, CAST-128, RC2 Mixed operators –More than one arithmetic and/or Boolean operator, especially ones that are not associative or distributive –These operators provide nonlinearity as an alternative to S-boxes Data-dependent rotation –Provide excellent confusion and diffusion –RC5 Key-dependent rotation –CAST-128 Key features found in advanced symmetric block ciphers (not in DES)

42 42 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Characteristics of Advanced Block Ciphers Key-dependent S-boxes –Blowfish Expensive key schedule computation –Blowfish Variable round function (F) –CAST-128 Variable plaintext/ciphertext block length –RC5 Variable number of rounds –RC5 Operation on both data halves each round –IDEA, Blowfish, RC5

43 43 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Chapter 4 HW Prob. 4.5 Prob. 4.8 Prob. 4.9 Prob. 4.13


Download ppt "1 Conventional Encryption: Algorithms Cryptography & Network Security H. Yoon Conventional Encryption: Algorithms Some of the most important symmetric."

Similar presentations


Ads by Google