Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 7 September 9, 2004

Computer Science and Engineering Contents  Assignment 1   Assignment 2  Implementation of DES  Data Encryption Standard (DES)  Advanced Encryption Standard (AES)  Diana’s Presentation

Computer Science and Engineering Group Work Find keys d and e for the RSA cryptosystem with p = 7 and q = 11.

Computer Science and Engineering A High Level Description of DES Input - P 16 Cycles Output - C Key IP Inverse IP

Computer Science and Engineering A Cycle in DES Right halfLeft half Key shifted And Permuted New R-halfNew L-half f

Computer Science and Engineering K 64 bits PC-1 K+ 56 bits C0 28 bitsD0 28 bits C1 28 bits D1 28 bits C2 28 bits D2 28 bits C16 28 bits D16 28 bits PC-2 K1 48 bitsK2 48 bitsK16 48 bits Shift Key Summary

Computer Science and Engineering M 64 bits I-P L0 32 bitsR0 32 bits Cycle 1 IP 64 bits f L1 32 bitsR1 32 bits K1 48 bits

Computer Science and Engineering L1 32 bitsR1 32 bits Cycle 2 f L2 32 bitsR2 32 bits K2 48 bits

Computer Science and Engineering L2 32 bitsR2 32 bits Cycle 3 f L3 32 bitsR3 32 bits K3 48 bits

Computer Science and Engineering L15 32 bitsR15 32 bits Cycle 16 f L16 32 bitsR16 32 bits K16 48 bits IP -1 C 64 bits L16 32 bitsR16 32 bits

Computer Science and Engineering 32 bits Rn-1 32 bits f Kn 48 bits E E(Rn-1) 48 bits E(Rn-1)+Kn 48 bits S Boxes P

Computer Science and Engineering Detailed DES Example (by J. Orlin Grabbe) Plain text message M M = ABCDEF (hexadecimal format) M in binary format: M = Left Half (L) and Right Half (R) L = R =

Computer Science and Engineering Key Key K K = K = BBCDFF1 (hexadecimal format) K in binary format: K = Note: DES operates on the 64-bit blocks using key sizes of 56- bits. The keys are actually stored as being 64 bits long, but every 8th bit in the key is not used (i.e. bits numbered 8, 16, 24, 32, 40, 48, 56, and 64).

Computer Science and Engineering Step 1: Create 16 sub-keys (48-bits) 1.1 The 64-bit key is permuted according to table PC

Computer Science and Engineering Example (cont.) From the original 64-bit key K = Using PC-1, we get the 56-bit permutation K+ =

Computer Science and Engineering 1.2 Split this key into left and right halves, C 0 and D 0, where each half has 28 bits K+ = From the permuted key K+, we get C 0 = D 0 =

Computer Science and Engineering 1.3 Create 16 blocks C n and D n, 1<=n<=16. C n and D n are obtained from C n-1 and D n-1 using the following schedule of "left shifts" shift

Computer Science and Engineering Example (Cont.) C 0 = D 0 = C 1 = D 1 = C 2 = D 2 = C 3 = D 3 =

Computer Science and Engineering Example (Cont.) C 4 = D 4 = C 5 = D 5 = C 6 = D 6 = C 7 = D 7 =

Computer Science and Engineering Example (Cont.) C 8 = D 8 = C 9 = D 9 = C 10 = D 10 = C 11 = D 11 =

Computer Science and Engineering Example (Cont.) C 12 = D 12 = C 13 = D 13 = C 14 = D 14 = C 15 = D 15 =

Computer Science and Engineering 1.4 Form the keys K n, for 1<=n<=16, by applying the following permutation table to each of the concatenated pairs C n D n. Each pair has 56 bits, but PC-2 only uses 48 of these

Computer Science and Engineering Example (Cont.) For the first key we have C 1 D 1 = which, after we apply the permutation PC-2, becomes K 1 =

Computer Science and Engineering Example (Cont.) K 2 = K 3 = K 4 = K 5 = K 6 = K 7 =

Computer Science and Engineering Example (Cont.) K 8 = K 9 = K 10 = K 11 = K 12 =

Computer Science and Engineering Example (Cont.) K 13 = K 14 = K 15 = K 16 =

Computer Science and Engineering Step 2: Encode each 64-bit block of data 2.1 Do initial permutation IP of M to the following IP table

Computer Science and Engineering Example (Cont.) Applying the initial permutation to the block of text M, we get M = IP =

Computer Science and Engineering 2.2 Divide the permuted block IP into a left half L 0 of 32 bits, and a right half R 0 of 32 bits IP = From IP we get L 0 = R 0 =

Computer Science and Engineering 2.3 Proceed through 16 iterations, for 1<=n<=16, using a function f which operates on two blocks— a data block of 32 bits and a key K n of 48 bits to produce a block of 32 bits. L n = R n-1 R n = L n-1 + f(R n-1,K n ) -- + denote XOR K 1 = L 1 = R 0 = R 1 = L 0 + f(R 0,K 1 )

Computer Science and Engineering The Calculation of the function f 1 - Expand R n-1  E(R n-1 ) 2- XOR  K n + E(R n-1 ) = B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 3- Substitution S-Boxes  S 1 (B 1 )S 2 (B 2 )S 3 (B 3 )S 4 (B 4 )S 5 (B 5 )S 6 (B 6 )S 7 (B 7 )S 8 (B 8 ) 4- P permutation  f = P(S 1 (B 1 )S 2 (B 2 )...S 8 (B 8 ))

Computer Science and Engineering 2.4 Expand each block R n-1 from 32 bits to 48 bits using a selection table that repeats some of the bits in R n

Computer Science and Engineering We'll call the use of this selection table the function E. Thus E(R n-1 ) has a 32 bit input block, and a 48 bit output block. E R n-1 E(R n-1 )

Computer Science and Engineering Example (Cont.) We calculate E(R 0 ) from R 0 as follows: R 0 = E(R 0 ) = Note that each block of 4 original bits has been expanded to a block of 6 output bits.

Computer Science and Engineering XOR Operation In the f calculation, we XOR the output E(R n-1 ) with the key K n : K n + E(R n-1 ) K 1 = E(R 0 ) = K 1 +E(R 0 ) =

Computer Science and Engineering Substitution – S-Boxes We now have 48 bits, or eight groups of six bits. We use each group of 6 bits as addresses in tables called "S boxes". Each group of six bits will give us an address in a different S box. Located at that address will be a 4 bit number. This 4 bit number will replace the original 6 bits. The net result is that the eight groups of 6 bits are transformed into eight groups of 4 bits (the 4-bit outputs from the S boxes) for 32 bits total.

Computer Science and Engineering Substitution – S-Boxes (Cont.) K n + E(R n-1 ) = B 1 B 2 B 3 B 4 B 5 B 6 B 7 B 8 where each B i is a group of six bits. We now calculate S 1 (B 1 )S 2 (B 2 )S 3 (B 3 )S 4 (B 4 )S 5 (B 5 )S 6 (B 6 )S 7 (B 7 )S 8 (B 8 ) where S i (B i ) referrers to the output of the i-th S box.

Computer Science and Engineering Substitution – S-Boxes (Cont.) Box S1

Computer Science and Engineering Finding S 1 (B 1 ) The first and last bits of B represent in base 2 a number in the decimal range 0 to 3. Let that number be i. The middle 4 bits of B represent in base 2 a number in the decimal range 0 to 15. Let that number be j. Look up in the table the number in the i-th row and j-th column. The tables defining the functions S 1,...,S 8 are given in page 652

Computer Science and Engineering Example (Cont.) For input block B = the first bit is "0" and the last bit "1" giving 01 as the row. This is row 1. The middle four bits are "1101". This is the binary equivalent of decimal 13, so the column is column number 13. In row 1, column 13 appears 5. This determines the output; 5 is binary 0101, so that the output is Hence S 1 (011011) = 0101.

Computer Science and Engineering Example (Cont.) For the first round, we obtain as the output of the eight S boxes: K 1 + E(R 0 ) = S 1 (B 1 )S 2 (B 2 )S 3 (B 3 )S 4 (B 4 )S 5 (B 5 )S 6 (B 6 )S 7 (B 7 )S 8 (B 8 ) = For the first round, we obtain as the output of the eight S boxes: K 1 + E(R 0 ) = S 1 (B 1 )S 2 (B 2 )S 3 (B 3 )S 4 (B 4 )S 5 (B 5 )S 6 (B 6 )S 7 (B 7 )S 8 (B 8 ) =

Computer Science and Engineering Permutation P of the S-box output f = P(S 1 (B 1 )S 2 (B 2 )...S 8 (B 8 ))

Computer Science and Engineering Example (Cont.) For the first round, we obtain as the output of the eight S boxes: K 1 + E(R 0 ) = S 1 (B 1 )S 2 (B 2 )S 3 (B 3 )S 4 (B 4 )S 5 (B 5 )S 6 (B 6 )S 7 (B 7 )S 8 (B 8 ) = From the output of the eight S boxes: S 1 (B 1 )S 2 (B 2 )S 3 (B 3 )S 4 (B 4 )S 5 (B 5 )S 6 (B 6 )S 7 (B 7 )S 8 (B 8 ) = we get f =

Computer Science and Engineering Example (Cont.) For the first round, we obtain as the output of the eight S boxes: K 1 + E(R 0 ) = S 1 (B 1 )S 2 (B 2 )S 3 (B 3 )S 4 (B 4 )S 5 (B 5 )S 6 (B 6 )S 7 (B 7 )S 8 (B 8 ) = R 1 = L 0 + f(R 0, K 1 ) = =

Computer Science and Engineering Process Repeated 16 rounds For the first round, we obtain as the output of the eight S boxes: K 1 + E(R 0 ) = S 1 (B 1 )S 2 (B 2 )S 3 (B 3 )S 4 (B 4 )S 5 (B 5 )S 6 (B 6 )S 7 (B 7 )S 8 (B 8 ) = In the next round, we will have L 2 = R 1, which is the block we just calculated, and then we must calculate R 2 =L 1 + f(R 1, K 2 ), and so on for 16 rounds.

Computer Science and Engineering Final Phase At the end of the sixteenth round we have L 16 and R 16. We then reverse the order of the two blocks into R 16 L 16 and apply a final permutation IP -1 as defined by the following table

Computer Science and Engineering Example (cont.) If we process all 16 blocks using the method defined previously, we get, on the 16th round, L 16 = R 16 =

Computer Science and Engineering Example (cont.) We reverse the order of these two blocks and apply the final permutation to R 16 L 16 = IP -1 = , which in hexadecimal format is 85E813540F0AB405

Computer Science and Engineering The End M = ABCDEF C = 85E813540F0AB405 Decryption is simply the inverse of encryption, following the same steps as above, but reversing the order in which the sub- keys are applied

Computer Science and Engineering Triple DES Triple-DES is just DES with two 56-bit keys applied. Given a plaintext message, the first key is used to DES- encrypt the message. The second key is used to DES-decrypt the encrypted message. (Since the second key is not the right key, this decryption just scrambles the data further.) The twice-scrambled message is then encrypted again with the first key to yield the final ciphertext. This three-step procedure is called triple-DES.

Computer Science and Engineering Advanced Encryption Standard (ASE) -NIST, call One was selected out of five -Rijndael (Rine dahl)  Vincent Rijmen & Joam Daemen -In 2001, it was formally adopted by US -9, 11, 13 cycles (rounds) for keys of 128, 192, 256 bits

Computer Science and Engineering ASE (cont) -Each cycle consists of 4 steps - Byte substitution (substitution) - Shift row (transposition) - Mix column - Add subkey

Computer Science and Engineering State -128-bit block  4 x 4 matrix -128 bits  b0, b1, b2,.., b15 b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15

Computer Science and Engineering 4 Operations 1. s[i,j]  s’[i,j] (predefined substitution table, Table page 663) 2. Rows – left circular shift 3. The 4 elements in each column are multiplied by a polynomial 4. Key is derived and added to each column

Computer Science and Engineering Shift Row

Computer Science and Engineering Mix Column = * Multiplying by 1  no change Multiplying by 2  shift left one bit Multiplying by 3  shift left one bit and XOR with original value More than 8 bits  is subtracted

Computer Science and Engineering Add Subkey Group Exercise