Comparison AES-Rijndael/Serpent 2G1704: Internet Security and Privacy Weltz Max 2G1704: Internet Security and Privacy Weltz Max.

Slides:



Advertisements
Similar presentations
Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
Advertisements

Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.
128-bit Block Cipher Camellia
Chapter 3  Symmetric Key Cryptosystems 1 Overview  Modern symmetric-key cryptosystems o Data Encryption Standard (DES)  Adopted in 1976  Block size.
L1.2. An Introduction to Block Ciphers Rocky K. C. Chang, February 2013.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5
Cryptography and Network Security Chapter 3
Cryptography and Network Security
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Advanced Encryption Standard(AES) Presented by: Venkata Marella Slide #9-1.
AES clear a replacement for DES was needed
Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.
1 CS 255 Lecture 4 Attacks on Block Ciphers Brent Waters.
The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 游精允.
Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard.
ICS 454: Principles of Cryptography
Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know.
Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.
CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Lecture 23 Symmetric Encryption
CS470, A.SelcukAfter the DES1 Block Ciphers After the DES CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Dr. Lo’ai Tawalbeh 2007 Chapter 5: Advanced Encryption Standard (AES) Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus.
Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.
Network Security Chapter
Encryption Schemes Second Pass Brice Toth 21 November 2001.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Data Encryption Standard (DES). Symmetric Cryptography  C = E(P,K)  P = D(C,K)  Requirements  Given C, the only way to obtain P should be with  the.
Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on “A Tutorial on Linear and Differential Cryptanalysis” by Howard Heys.] Modern block ciphers.
Chapter 5 Advanced Encryption Standard. Origins clear a replacement for DES was needed –have theoretical attacks that can break it –have demonstrated.
Cryptography and Network Security
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Cryptography and Network Security
Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know what the key is it's virtually indecipherable."
TWOFISH ENCRYPTION ALGORITHM CS–627: Cryptology Fall 2004 Horatiu Paul Stancu.
DARPA AES Finalist Algorithm: The Rijndael Block Cipher Mel Tsai University of California at Berkeley.
Blowfish A widely used block cipher. Blowfish Designed by Bruce Schneier (1993) A variant of it (Twofish) was an AES finalist candidate 64-bit block size,
9/17/15UB Fall 2015 CSE565: S. Upadhyaya Lec 6.1 CSE565: Computer Security Lecture 6 Advanced Encryption Standard Shambhu Upadhyaya Computer Science &
Classical &ontemporyryptology 1 AESAES Classical &ontemporyryptology 2 Advanced Encryption Standard Since DES was becoming less reliable as new cryptanalysis.
Advance Encryption Standard. Topics  Origin of AES  Basic AES  Inside Algorithm  Final Notes.
Information Security Lab. Dept. of Computer Engineering 122/151 PART I Symmetric Ciphers CHAPTER 5 Advanced Encryption Standard 5.1 Evaluation Criteria.
Chapter 20 Symmetric Encryption and Message Confidentiality.
LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.
Rijndael Advanced Encryption Standard. Overview Definitions Definitions Who created Rijndael and the reason behind it Who created Rijndael and the reason.
‘Baby DES’ cipher Alexei Vernitski. Block cipher A message is a sequence of bits: … We split the message in blocks of a fixed length.
AES: Rijndael 林志信 王偉全. Outline Introduction Mathematical background Specification Motivation for design choice Conclusion Discussion.
Introduction to Information Security Lect. 6: Block Ciphers.
Advanced Encryption Standard. Origins NIST issued a new version of DES in 1999 (FIPS PUB 46-3) DES should only be used in legacy systems 3DES will be.
Lecture 23 Symmetric Encryption
Fifth Edition by William Stallings
Advanced Encryption Standard Dr. Shengli Liu Tel: (O) Cryptography and Information Security Lab. Dept. of Computer.
Network Security Lecture 3 Secret Key Cryptography
The Advanced Encryption Standard Part 1: Overview
CSE 5/7353 – January 25 th 2006 Cryptography. Conventional Encryption Shared Key Substitution Transposition.
Understanding Cryptography by Christof Paar and Jan Pelzl Chapter 4 – The Advanced Encryption Standard (AES) ver. October 28, 2009.
1 CPCS425: Information Security (Topic 5) Topic 5  Symmetrical Cryptography  Understand the principles of modern symmetric (conventional) cryptography.
@Yuan Xue Announcement Project Release Team forming Homework 1 will be released next Tuesday.
Zong-Cing Lin 2007/10/31.  Algorithm Description  Why chose Rijndael  Reference.
Practical Aspects of Modern Cryptography Josh Benaloh & Brian LaMacchia.
Triple DES.
School of Computer Science and Engineering Pusan National University
The Advanced Encryption Standard: Rijndael
ADVANCED ENCRYPTION STANDARD
Cryptography and Network Security
مروري برالگوريتمهاي رمز متقارن(كليد پنهان)
128-bit Block Cipher Camellia
128-bit Block Cipher Camellia
Advanced Encryption Standard
Presentation transcript:

Comparison AES-Rijndael/Serpent 2G1704: Internet Security and Privacy Weltz Max 2G1704: Internet Security and Privacy Weltz Max

Outline Historical perspective Description of AES-Rijndael Description of Serpent Comparison Historical perspective Description of AES-Rijndael Description of Serpent Comparison

Historical perspective 1998 Advanced Encryption Standard contest 1999 Serpent and Rijndael among the last 5 finalist algorithms –Along with Mars, RC6 and Twofish 2000 Rijndael selected as AES algorithm 1998 Advanced Encryption Standard contest 1999 Serpent and Rijndael among the last 5 finalist algorithms –Along with Mars, RC6 and Twofish 2000 Rijndael selected as AES algorithm

Main elements –Parameters Key size: 128, 160, 192, 224, 256bits Block size: 128, 160, 192, 224, 256bits Number of rounds: 6+max(Bs,Ks) –Operations  Two substitutions tables Rearrangement of octets Key schedule Main elements –Parameters Key size: 128, 160, 192, 224, 256bits Block size: 128, 160, 192, 224, 256bits Number of rounds: 6+max(Bs,Ks) –Operations  Two substitutions tables Rearrangement of octets Key schedule Description of Rijndael

Description of Rijndael State array –Size of Bs –Organized in 4- octet columns State array –Size of Bs –Organized in 4- octet columns

Description of Rijndael Rounds 1.Octets through the S-Box 2.Rows shifted 3.Columns mixed Rounds 1.Octets through the S-Box 2.Rows shifted 3.Columns mixed

Description of Rijndael Key expansion –As many round as required –Obtain (Nr+1)Bs/32 columns Key expansion –As many round as required –Obtain (Nr+1)Bs/32 columns

What is AES-Rijndael? AES’ recommendations for Rijndael –Block size: 128-bits –Key size: 128bits -> AES-128 -> 10 rounds 196bits -> AES-196 -> 12 rounds 256bits -> AES-256 -> 14 rounds AES’ recommendations for Rijndael –Block size: 128-bits –Key size: 128bits -> AES-128 -> 10 rounds 196bits -> AES-196 -> 12 rounds 256bits -> AES-256 -> 14 rounds

Description of Serpent Parameters –Key size: 128, 192, 256 bits 128 and 192bit keys are padded with 100… –Block size: 128bits –Number of rounds: rounds are supposedly enough Operations –  –8 substitution tables (S-boxes) –Linear transformation –Key schedule Parameters –Key size: 128, 192, 256 bits 128 and 192bit keys are padded with 100… –Block size: 128bits –Number of rounds: rounds are supposedly enough Operations –  –8 substitution tables (S-boxes) –Linear transformation –Key schedule

Description of Serpent Process –Initial permutation –32 Rounds –Final permutation Permutations –Statically defined –Simplifying the optimized implementation Process –Initial permutation –32 Rounds –Final permutation Permutations –Statically defined –Simplifying the optimized implementation

Description of Serpent Rounds 1.Key mixing 2.Pass through S-box 3.Linear transformation Except for the last round –(  33rd subkey) Rounds 1.Key mixing 2.Pass through S-box 3.Linear transformation Except for the last round –(  33rd subkey)

Description of Serpent Linear transformation –Left-rotations –  ’ing –Left-shifts Linear transformation –Left-rotations –  ’ing –Left-shifts Source: Wikipedia

Description of Serpent Key expansion –Padding (100…) –Affine expansion –S-boxes –Collapsing Key expansion –Padding (100…) –Affine expansion –S-boxes –Collapsing

Comparison Process Security Hardware performance Software performance Process Security Hardware performance Software performance

Comparison: Process RijndaelSerpent Round 10x 12x 14x S-boxes Raw shifting Columns mixed  Round Key 31x Key mixing S-boxes Linear t. Final t. Key mixing S-boxes Key mixing Adapted from [Lutz02]

Comparison: Security RijndaelSerpent Margins (rounds) 6 insecure 10/12/14 suggested AES 15 insecure 17 suggested Authors 16: secure 32 suggested Best known attacks (2006) 7/8/9 rounds11 rounds Comments Known side channel attacks (timing) Better than or equivalent to any other 128bit block cipher Old design

Comparison: Hardware Rijndael 88.5MHz –Assets Small number –Of rounds –Of subkeys Identical rounds –Drawbacks Variable number of rounds Key length matters Large S-boxes Rijndael 88.5MHz –Assets Small number –Of rounds –Of subkeys Identical rounds –Drawbacks Variable number of rounds Key length matters Large S-boxes Serpent 122.9MHz –Assets Fixed number of rounds Key lengths does not matter Small S-boxes –Drawbacks Different S-Box types Larger number –Of rounds –Of subkeys No hardware shared between encryption and decryption Serpent 122.9MHz –Assets Fixed number of rounds Key lengths does not matter Small S-boxes –Drawbacks Different S-Box types Larger number –Of rounds –Of subkeys No hardware shared between encryption and decryption

Comparison: Software RijndaelSerpent Encryption1276 | 440/ | 1030/900 Decryption Performance (see figures) –Serpent 2 to 6 times slower Non-symmetrical performances But stable performances when changing architecture Performance (see figures) –Serpent 2 to 6 times slower Non-symmetrical performances But stable performances when changing architecture Pentium 133Mhz MMX | Pentium Pro C/Pentium Pro ASM

Conclusion Rijndael chosen by AES: why? –Fastest for small blocks and hashes encryption –Second fastest for bulk encryption But –Security issues In 1999, Schneier et al. claimed there was no possible timing attacks against Rijndael… In 2006, a timing attack is found –Serpent is more secure if you are ready to spend more time Rijndael chosen by AES: why? –Fastest for small blocks and hashes encryption –Second fastest for bulk encryption But –Security issues In 1999, Schneier et al. claimed there was no possible timing attacks against Rijndael… In 2006, a timing attack is found –Serpent is more secure if you are ready to spend more time

Questions Opposition

Sources Network Security, Private Communication in a Public World, C. Kaufman, R. Perlman, M. Speciner, 2002 Wikipedia’s articles (French and English) on Rijndael, Bitwise operators, AES process and Serpent Cryptographic Hardware and Embedded Systems, Pawel Chodowiec, 2002 Network Security, Private Communication in a Public World, C. Kaufman, R. Perlman, M. Speciner, 2002 Wikipedia’s articles (French and English) on Rijndael, Bitwise operators, AES process and Serpent Cryptographic Hardware and Embedded Systems, Pawel Chodowiec, 2002 Serpent, a Proposal for the AES, R. Anderson, E. Biham, L. Knudsen, 1998 Serpent homepage [Lutz02]2Gbit/s Hardware Realizations of RIJNDAEL and SERPENT: A Comparative Analysis, Lutz, Treichler, G ü rkaynak, Kaeslin, Basler, Erni, Reichmuth, Rommens, Oetiker, Fichtner, 2002 Serpent, a Proposal for the AES, R. Anderson, E. Biham, L. Knudsen, 1998 Serpent homepage [Lutz02]2Gbit/s Hardware Realizations of RIJNDAEL and SERPENT: A Comparative Analysis, Lutz, Treichler, G ü rkaynak, Kaeslin, Basler, Erni, Reichmuth, Rommens, Oetiker, Fichtner, 2002

Sources (cont.) A Note on Comparing AES Candidates (Revised), Biham, 1998 (?) Performance Comparison of the AES Submissions, B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, 1999 Performance Evaluation fo the AES Finalists on the High- End Smart Card, F. Sano, M. Koike, S. Kawamura, M. Shiba, 2000 A Note on Comparing AES Candidates (Revised), Biham, 1998 (?) Performance Comparison of the AES Submissions, B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, 1999 Performance Evaluation fo the AES Finalists on the High- End Smart Card, F. Sano, M. Koike, S. Kawamura, M. Shiba, 2000 Performance Comparison of 5 AES Candidates with New Performance Evaluation Tool, M. Takenaka, N. Torii, K. Itoh, J. Yajima, 2000 Instruction-level Parallelism in AES Candidates, C.S.K. Clapp, 1999 How Well Are High-End DSPs Suites for the AES Algorithms, T. J. Wollinger, M. Wang, J. Guajardo, C. Paar, 2000 Performance Comparison of 5 AES Candidates with New Performance Evaluation Tool, M. Takenaka, N. Torii, K. Itoh, J. Yajima, 2000 Instruction-level Parallelism in AES Candidates, C.S.K. Clapp, 1999 How Well Are High-End DSPs Suites for the AES Algorithms, T. J. Wollinger, M. Wang, J. Guajardo, C. Paar, 2000

Comments Non-exhaustive listing and extracts of sources are available here: – DRkjSwoQiJ-sle4hhttp:// DRkjSwoQiJ-sle4h Interesting links for both Serpent and Rijndael (and others) can be found here: – Figures where realized specially for this presentation, except stated otherwise Non-exhaustive listing and extracts of sources are available here: – DRkjSwoQiJ-sle4hhttp:// DRkjSwoQiJ-sle4h Interesting links for both Serpent and Rijndael (and others) can be found here: – Figures where realized specially for this presentation, except stated otherwise

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.