Comparison AES-Rijndael/Serpent. 2G1704: Internet Security and Privacy. Weltz Max.


1 Comparison AES-Rijndael/Serpent
2G1704: Internet Security and Privacy
Weltz Max

2 Outline
Historical perspective
Description of AES-Rijndael
Description of Serpent
Comparison

3 Historical perspective
1998: Advanced Encryption Standard contest
1999: Serpent and Rijndael among the last 5 finalist algorithms
–Along with Mars, RC6 and Twofish
2000: Rijndael selected as AES algorithm

4 Description of Rijndael
Main elements
–Parameters
  Key size: 128, 160, 192, 224, 256 bits
  Block size: 128, 160, 192, 224, 256 bits
  Number of rounds: 6 + max(Bs, Ks)/32
–Operations
  ⊕
  Two substitution tables
  Rearrangement of octets
  Key schedule

5 Description of Rijndael
State array
–Size of Bs
–Organized in 4-octet columns

6 Description of Rijndael
Rounds
1. Octets through the S-box
2. Rows shifted
3. Columns mixed

7 Description of Rijndael
Key expansion
–As many rounds as required
–Obtain (Nr+1)Bs/32 columns
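The parameter formulas and the two linear round steps from the slides above, as an added example that is not part of the original presentation. It assumes the 128-bit block layout (row r shifted by r) and leaves the S-box step out; all function names are hypothetical.

```python
def rounds(bs, ks):
    """Nr = 6 + max(Bs, Ks)/32, with block and key sizes in bits."""
    return 6 + max(bs, ks) // 32

def expanded_key_columns(bs, ks):
    """Key expansion must produce (Nr + 1) * Bs/32 four-octet columns."""
    return (rounds(bs, ks) + 1) * bs // 32

def to_state(block):
    """Fill the state column by column: state[row][col] = block[4*col + row]."""
    return [[block[4 * c + r] for c in range(4)] for r in range(4)]

def shift_rows(state):
    """Rotate row r left by r positions (offsets for a 128-bit block)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def xtime(a):
    """Multiply by x in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def mix_column(col):
    """Multiply one column by the circulant matrix with first row (2, 3, 1, 1)."""
    return [xtime(col[i]) ^ xtime(col[(i + 1) % 4]) ^ col[(i + 1) % 4]
            ^ col[(i + 2) % 4] ^ col[(i + 3) % 4] for i in range(4)]

def mix_columns(state):
    """Apply mix_column to each of the four columns of the state."""
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]

if __name__ == "__main__":
    # Constructed sample block: octets 0..15.
    state = to_state(bytes(range(16)))
    for row in mix_columns(shift_rows(state)):
        print(" ".join(f"{b:02x}" for b in row))
    for ks in (128, 192, 256):
        print(ks, rounds(128, ks), expanded_key_columns(128, ks))
```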

8 What is AES-Rijndael?
AES’ recommendations for Rijndael
–Block size: 128 bits
–Key size:
  128bits -> AES-128 -> 10 rounds
  196bits -> AES-196 -> 12 rounds
  256bits -> AES-256 -> 14 rounds

9 Description of Serpent
Parameters
–Key size: 128, 192, 256 bits
  128 and 192bit keys are padded with 100…
–Block size: 128 bits
–Number of rounds: 32
  16 rounds are supposedly enough
Operations
–⊕
–8 substitution tables (S-boxes)
–Linear transformation
–Key schedule

10 Description of Serpent
Process
–Initial permutation
–32 rounds
–Final permutation
Permutations
–Statically defined
–Simplifying the optimized implementation

11 Description of Serpent
Rounds
1. Key mixing
2. Pass through S-box
3. Linear transformation
Except for the last round
–(⊕ 33rd subkey)

12 Description of Serpent
Linear transformation
–Left-rotations
–⊕’ing
–Left-shifts
Source: Wikipedia
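The linear transformation listed above, written out on the four 32-bit words of the bitsliced state together with its inverse. This is an added example, not code from the presentation; the function names are hypothetical.

```python
MASK = 0xFFFFFFFF

def rotl(x, n):
    """Rotate a 32-bit word left by n (0 < n < 32)."""
    return ((x << n) | (x >> (32 - n))) & MASK

def rotr(x, n):
    """Rotate a 32-bit word right by n (0 < n < 32)."""
    return rotl(x, 32 - n)

def linear_transform(x0, x1, x2, x3):
    """Serpent round diffusion: only left-rotations, XORs and left-shifts."""
    x0 = rotl(x0, 13)
    x2 = rotl(x2, 3)
    x1 ^= x0 ^ x2
    x3 ^= x2 ^ ((x0 << 3) & MASK)
    x1 = rotl(x1, 1)
    x3 = rotl(x3, 7)
    x0 ^= x1 ^ x3
    x2 ^= x3 ^ ((x1 << 7) & MASK)
    return rotl(x0, 5), x1, rotl(x2, 22), x3

def inverse_linear_transform(x0, x1, x2, x3):
    """Undo linear_transform by reversing each step (used for decryption)."""
    x2 = rotr(x2, 22)
    x0 = rotr(x0, 5)
    x2 ^= x3 ^ ((x1 << 7) & MASK)
    x0 ^= x1 ^ x3
    x3 = rotr(x3, 7)
    x1 = rotr(x1, 1)
    x3 ^= x2 ^ ((x0 << 3) & MASK)
    x1 ^= x0 ^ x2
    return rotr(x0, 13), x1, rotr(x2, 3), x3

def flipped_output_bits(word, bit):
    """Count output bits that change when one input bit is flipped."""
    x = [0, 0, 0, 0]
    x[word] = 1 << bit
    # The map is linear over GF(2), so the image of a single bit is the difference.
    return sum(bin(w).count("1") for w in linear_transform(*x))

if __name__ == "__main__":
    counts = [flipped_output_bits(w, b) for w in range(4) for b in range(32)]
    print("output bits changed per input bit: min", min(counts), "max", max(counts))
```

The forward and inverse functions are different instruction sequences, so encryption and decryption cannot reuse the same datapath for this step.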

13 Description of Serpent
Key expansion
–Padding (100…)
–Affine expansion
–S-boxes
–Collapsing
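The first two key-expansion steps above (padding and affine expansion), as an added example that is not part of the original presentation. It assumes the little-endian byte order used by common software implementations and stops before the S-box and collapsing steps; the function names are hypothetical.

```python
PHI = 0x9E3779B9  # fractional part of the golden ratio, the constant in the recurrence
MASK = 0xFFFFFFFF

def rotl(x, n):
    """Rotate a 32-bit word left by n (0 < n < 32)."""
    return ((x << n) | (x >> (32 - n))) & MASK

def pad_key(key):
    """Pad a 128- or 192-bit key to 256 bits with a single 1 bit, then 0 bits."""
    if len(key) not in (16, 24, 32):
        raise ValueError("Serpent keys are 128, 192 or 256 bits")
    if len(key) == 32:
        return key
    # Assumption: little-endian layout, so the 1 bit is the low bit of the next byte.
    return key + b"\x01" + bytes(31 - len(key))

def prekeys(key):
    """Affine expansion of the padded key into 132 32-bit prekeys w_0..w_131."""
    k = pad_key(key)
    # List index j holds w_(j-8); the first eight words are the key itself.
    w = [int.from_bytes(k[4 * i:4 * i + 4], "little") for i in range(8)]
    for i in range(132):
        # w_i = (w_(i-8) ^ w_(i-5) ^ w_(i-3) ^ w_(i-1) ^ PHI ^ i) <<< 11
        w.append(rotl(w[i] ^ w[i + 3] ^ w[i + 5] ^ w[i + 7] ^ PHI ^ i, 11))
    return w[8:]  # 132 words, later passed through the S-boxes as 33 subkeys

if __name__ == "__main__":
    short = bytes(range(16))  # constructed sample 128-bit key
    print(pad_key(short).hex())
    # The padded form is itself a valid 256-bit key with the same schedule.
    print(prekeys(short) == prekeys(pad_key(short)))
    # The 1 bit keeps an all-zero 128-bit key distinct from an all-zero 256-bit key.
    print(prekeys(bytes(16)) != prekeys(bytes(32)))
```

Because the cipher always works on a 256-bit padded key, the schedule and round count do not depend on the key length supplied.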

14 Comparison
Process
Security
Hardware performance
Software performance

15 Comparison: Process
Rijndael
–Round (10x / 12x / 14x): S-boxes, Row shifting, Columns mixed, ⊕ Round Key
Serpent
–31x: Key mixing, S-boxes, Linear t.
–Final t.: Key mixing, S-boxes, Key mixing
Adapted from [Lutz02]

16 Comparison: Security
Rijndael | Serpent
Margins (rounds): 6 insecure, 10/12/14 suggested | AES 15 insecure, 17 suggested; Authors 16: secure, 32 suggested
Best known attacks (2006): 7/8/9 rounds | 11 rounds
Comments: Known side channel attacks (timing); Better than or equivalent to any other 128bit block cipher; Old design

17 Comparison: Hardware
Rijndael
–2.26Gbit/s @ 88.5MHz
–Assets
  Small number of rounds and of subkeys
  Identical rounds
–Drawbacks
  Variable number of rounds
  Key length matters
  Large S-boxes
Serpent
–1.96Gbit/s @ 122.9MHz
–Assets
  Fixed number of rounds
  Key length does not matter
  Small S-boxes
–Drawbacks
  Different S-box types
  Larger number of rounds and of subkeys
  No hardware shared between encryption and decryption

18 Comparison: Software
            Rijndael          Serpent
Encryption  1276 | 440/291    1800 | 1030/900
Decryption  1276              2102
Columns: Pentium 133MHz MMX | Pentium Pro C/Pentium Pro ASM
Performance (see figures)
–Serpent 2 to 6 times slower
  Non-symmetrical performances
  But stable performances when changing architecture

19 Conclusion
Rijndael chosen by AES: why?
–Fastest for small blocks and hashes encryption
–Second fastest for bulk encryption
But
–Security issues
  In 1999, Schneier et al. claimed there were no possible timing attacks against Rijndael…
  In 2006, a timing attack is found
–Serpent is more secure if you are ready to spend more time

20 Questions Opposition

21 Sources
Network Security, Private Communication in a Public World, C. Kaufman, R. Perlman, M. Speciner, 2002
Wikipedia’s articles (French and English) on Rijndael, Bitwise operators, AES process and Serpent
Cryptographic Hardware and Embedded Systems, Pawel Chodowiec, 2002
Serpent, a Proposal for the AES, R. Anderson, E. Biham, L. Knudsen, 1998
Serpent homepage www.cl.cam.ac.uk/~rja14/serpent.html
[Lutz02] 2Gbit/s Hardware Realizations of RIJNDAEL and SERPENT: A Comparative Analysis, Lutz, Treichler, Gürkaynak, Kaeslin, Basler, Erni, Reichmuth, Rommens, Oetiker, Fichtner, 2002

22 Sources (cont.)
A Note on Comparing AES Candidates (Revised), Biham, 1998 (?)
Performance Comparison of the AES Submissions, B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, 1999
Performance Evaluation of the AES Finalists on the High-End Smart Card, F. Sano, M. Koike, S. Kawamura, M. Shiba, 2000
Performance Comparison of 5 AES Candidates with New Performance Evaluation Tool, M. Takenaka, N. Torii, K. Itoh, J. Yajima, 2000
Instruction-level Parallelism in AES Candidates, C.S.K. Clapp, 1999
How Well Are High-End DSPs Suited for the AES Algorithms, T. J. Wollinger, M. Wang, J. Guajardo, C. Paar, 2000

23 Comments
Non-exhaustive listing and extracts of sources are available here:
–http://www.google.com/notebook/public/02330310943113180415/BDRkjSwoQiJ-sle4h
Interesting links for both Serpent and Rijndael (and others) can be found here:
–http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html
Figures were made specially for this presentation, unless stated otherwise

