AES Proposal: Rijndael Joan Daemen Vincent Rijmen “Rijndael is expected, for all key and block lengths defined, to behave as good as can be expected from.

Slides:

Advertisements

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

Advertisements

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.

“Advanced Encryption Standard” & “Modes of Operation”

Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5

Block Ciphers and the Data Encryption Standard

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

History Applications Attacks Advantages & Disadvantages Conclusion.

Advanced Encryption Standard(AES) Presented by: Venkata Marella Slide #9-1.

AES clear a replacement for DES was needed

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.

EEC 688/788 Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.

The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 游精允.

Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know.

Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.

ICS 454 Principles of Cryptography Advanced Encryption Standard (AES) (AES) Sultan Almuhammadi.

1  A clear a replacement for DES was needed have theoretical attacks that can break it have theoretical attacks that can break it have demonstrated exhaustive.

Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.

Network Security Chapter

Encryption Schemes Second Pass Brice Toth 21 November 2001.

CSE 651: Introduction to Network Security

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Block and Stream Ciphers1 Reference –Matt Bishop, Computer Security, Addison Wesley, 2003.

Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.

© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.

Chapter 5 Advanced Encryption Standard. Origins clear a replacement for DES was needed –have theoretical attacks that can break it –have demonstrated.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know what the key is it's virtually indecipherable."

DARPA AES Finalist Algorithm: The Rijndael Block Cipher Mel Tsai University of California at Berkeley.

9/17/15UB Fall 2015 CSE565: S. Upadhyaya Lec 6.1 CSE565: Computer Security Lecture 6 Advanced Encryption Standard Shambhu Upadhyaya Computer Science &

Advance Encryption Standard. Topics  Origin of AES  Basic AES  Inside Algorithm  Final Notes.

AES Background and Mathematics CSCI 5857: Encoding and Encryption.

Information Security Lab. Dept. of Computer Engineering 122/151 PART I Symmetric Ciphers CHAPTER 5 Advanced Encryption Standard 5.1 Evaluation Criteria.

Rijndael Advanced Encryption Standard. Overview Definitions Definitions Who created Rijndael and the reason behind it Who created Rijndael and the reason.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

The Latest Attacks on AES Mehrdad Abdi 1 بسم الله الرحمن الرحیم.

Description of a New Variable-Length Key, 64-Bit Block Cipher (BLOWFISH) Bruce Schneier BY Sunitha Thodupunuri.

CS555Spring 2012/Topic 101 Cryptography CS 555 Topic 10: Block Cipher Security & AES.

AES: Rijndael 林志信王偉全. Outline Introduction Mathematical background Specification Motivation for design choice Conclusion Discussion.

Advanced Encryption Standard. Origins NIST issued a new version of DES in 1999 (FIPS PUB 46-3) DES should only be used in legacy systems 3DES will be.

Fifth Edition by William Stallings

Symmetric Encryption Lesson Introduction ●Block cipher primitives ●DES ●AES ●Encrypting large message ●Message integrity.

Chapter 2 (C) –Advanced Encryption Standard. Origins clearly a replacement for DES was needed –have theoretical attacks that can break it –have demonstrated.

Advanced Encryption Standard Dr. Shengli Liu Tel: (O) Cryptography and Information Security Lab. Dept. of Computer.

The RC5 Encryption Algorithm: Two Years On Lisa Yin RC5 Encryption –Ron Rivest, December 1994 –Fast Block Cipher –Software and Hardware Implementations.

A Ultra-Light Block Cipher KB1 Changhoon Lee Center for Information Security Technologies, Korea University.

Chapter 2 Symmetric Encryption.

© Information Security Group, ICU1 Block Cipher- introduction  DES Description: Feistel, S-box Exhaustive Search, DC and LC Modes of Operation  AES Description:

Block Cipher- introduction

1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 2 Chapter 3 (sections ) You may skip proofs, but are.

The Advanced Encryption Standard Part 1: Overview

CSE 5/7353 – January 25 th 2006 Cryptography. Conventional Encryption Shared Key Substitution Transposition.

CST 312 Pablo Breuer. A block of plaintext is treated as a whole and used to produce a ciphertext block of equal length Typically a block size of 64 or.

RC6—The elegant AES choice Ron Rivest Matt Robshaw Yiqun Lisa Yin

1 CPCS425: Information Security (Topic 5) Topic 5  Symmetrical Cryptography  Understand the principles of modern symmetric (conventional) cryptography.

School of Computer Science and Engineering Pusan National University

HEY DOUG HOW ARE YOU? NKE JUAM NUC GXK EUA. HEY DOUG HOW ARE YOU? NKE JUAM NUC GXK EUA.

AES Objectives ❏ To review a short history of AES

Chapter -3 ADVANCED ENCRYPTION STANDARD & BLOCK CIPHER OPERATION

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Hashing Hash are the auxiliary values that are used in cryptography.

Advanced Encryption Standard

Presentation transcript:

AES Proposal: Rijndael Joan Daemen Vincent Rijmen “Rijndael is expected, for all key and block lengths defined, to behave as good as can be expected from a block cipher with the given block and key lengths.” Presented byJianning TANG

Outline  Introduction  Applications of Rijndael  Design Criteria  Rijndael Encryption  Resistance Against Known Attacks  Security goal  Conclusion  Question

Introduction AES: Advanced Encryption Standard published by NIST Block Cipher: An encrypting method in which each block of plain text is converted into a block of cipher text of the same length Rijndael: An iterated block cipher with a variable block length and a variable key length. The block length and the key length can be independently specified to 128, 192 or 256 bits.

Applications of Rijndael Rijndael cipher is designed to be implemented efficiently on a wide range of processors and in dedicated hardware. i.e. Smart Card, ATM, HDTV, B-ISDN, Voice and Satellite (encryption). Rijndael can also be used in MAC algorithm, iterated hash function, synchronous stream cipher, pseudo-random number generator, self-synchronizing stream cipher.

Design Criteria Resistance against all known attacks; Speed and code compactness on a wide range of platforms; Design simplicity.

Rijndael Encryption Pseudo code of Rijndael encryption: Rijndael(State,CipherKey) { KeyExpansion(CipherKey,ExpandedKey) ; AddRoundKey(State,roundKey[0]); For( i=1 ; i<Nr ; i++ ) Round(State,roundKey[i]) ; FinalRound(State,roundKey[Nr]);// return State; } Key Length(bits) Block Length(bits) Nr: number of rounds

Resistance Against Known Attacks Attack: If the computational time of a cryptanalysis method(to find the key) is less than the computational time of an exhausted key search, the method is said to be an effective attack. Plain Text--Cipher Text Pairs: Known to cryptanalyst. Keys: NOT known to cryptanalyst

List of known cryptanalysis methods :  Symmetry properties and weak keys of the DES type  Differential cryptanalysis  Linear cryptanalysis  Truncated differentials  The Square attack  Interpolation attacks  Related-key attacks No attack has yet been found to be effective against Rijndael.

Security Goal 1.K-security: All possible attack strategies for Rijndael have the same expected work factor and storage requirements as for the majority of possible block ciphers with the same dimensions. 2.Hermetic: It does not have weaknesses that are not present for the majority of block ciphers with the same block and key length. Or: its internal structure cannot be exploited in any application. Rijndael is expected to achieve its security goal

Conclusion In security aspect: “Rijndael is expected, for all key and block lengths defined, to behave as good as can be expected from a block cipher with the given block and key lengths.”

Question If a block cipher is k-security, do you think it is secure enough?