1
Algorithms for cryptography- Education and learning perspective
P.V. Ananda Mohan, Fellow IEEE, ECIL, Bangalore, 14th Dec
2
Agenda
Introduction; E-learning requirements; Overview of algorithms; Case studies of encryption, authentication and message digest; Algorithm implementations: what needs to be taught, at what level, for whom; Conclusion
3
Introduction: implementations of cryptosystems
Hardware options: ASIC, FPGA, DSP. Software: PC applications, portable devices, mobile phones, e-commerce, ATMs etc. Also needed: key generation systems, the algorithm implementation itself, and key loading tools (smart cards, i-Buttons, key guns).
4
Who wants to learn? (a) Implementers of a given algorithm
Implementation of the given algorithm on a particular platform: software implementation using C or C++, or hardware implementation using (i) FPGAs, (ii) DSPs or (iii) ASICs, as needed. Optimization for speed or area requirements (resources on an FPGA such as CLBs, gate count in an ASIC).
5
Who wants to learn? (b) Advanced implementers
Tamper-proof design; protection of IP or code; error/malfunction detection; side-channel attack resistance etc. Technological or architectural solutions needed. Extremely high speed of operation, for example IPsec in gigabit routers. Low-power implementations desired. Agility regarding multiple algorithms and modes (e.g. DES, 3-DES, AES, Blowfish, IDEA; CBC mode, counter mode, ECB mode, CFB, OFB).
6
Who wants to learn? (c) Researchers and cryptanalysts
Fast implementations; secure protocols; key search engines for brute-force attacks based on software and hardware. Attacks: differential and linear cryptanalysis, power attacks. New algorithms which are resistant to various types of attacks. Cryptanalysis of new algorithms of others and of old algorithms.
7
Three related domains
Authentication; Encryption; Hashing and digital signatures
8
Case studies
One encryption algorithm based on a stream cipher; one encryption algorithm based on a block cipher; an RSA implementation; a hash algorithm
9
STREAM CIPHERING
Ciphered data = Clear data ⊕ Masking sequence, where ⊕ is modulo-2 addition (bit-wise exclusive OR); applying the same masking sequence again at the receiver gives back the clear data. No error propagation.
10
3-STAGE LFSR
Primitive polynomial is x^3+x^2+1. The key is the non-zero initial condition of the register, which is then clocked to produce the masking sequence.
11
3-stage LFSR: state sequence
Starting from the seed (initial condition) 100, the states are 100, 110, 111, 011, 101, 010, 001 and then back to 100: period = 2^3-1 = 7 states.
12
GSM authentication using signature and encryption in a nutshell
The two sides share the secret key Ki. The network sends a challenge RAND (128 bits); the subscriber side computes SRES = A3(Ki, RAND) (32 bits), which is returned and compared, and Kc = A8(Ki, RAND) (64 bits). The A5 algorithm, driven by Kc and the frame number, produces the encrypted traffic.
13
Example: A5 algorithm of GSM
Three clock-controlled shift registers, LFSR 17, LFSR 19 and LFSR 23, with fixed sparse primitive polynomials, combined through a logic block; the initial conditions form the key (64 bits).
14
What do you need to know
Primitive polynomial: definition; testing for primitivity (software); implementation of LFSRs in software and hardware; combining LFSRs in many ways; linear complexity evaluation (using the Berlekamp-Massey algorithm) and period; possible attacks and immunity to them; advanced systems (word-level LFSRs and their synthesis, NLFSRs); design of new schemes and their evaluation; study of known schemes like Bluetooth (E0), CAVE, A5 etc.; interactive exercises
15
BLOCK CIPHERS: an N-bit input block and a K-bit key give an N-bit output block
16
SYMMETRIC KEY ENCRYPTION ALGORITHMS
Data encryption standard (DES); Triple DES; International data encryption algorithm (IDEA); Blowfish; RIJNDAEL, the advanced encryption standard; other AES candidates
17
General features/specifications
Block length in bits; key length in bits; rounds; operations in each round; key schedule for all rounds (round key generation); decryption; modes of operation (five modes); any weak keys; complexity / execution time benchmarks
18
ECB (Electronic codebook) mode
Each 64-bit input block is encrypted independently under the 56-bit key to give a 64-bit output block.
19
Cipher block chaining (CBC) mode
Text block 1, text block 2, block 3, ...: each text block is exclusive-ORed with the previous cipher text block (with an initialization vector, IV, in place of it for the first block) before encryption, giving the chained cipher text blocks.
20
CFB (Cipher feedback) mode
A 64-bit shift register is fed to DES encryption under the key; the leftmost j bits of the output are exclusive-ORed with j bits of plain text to give j bits of cipher text, the remaining (64-j) bits are discarded, and the j cipher text bits are shifted into the register for the next step.
21
OFB (Output feedback) mode
As in CFB, but the j bits of encryption output (not the cipher text) are fed back into the shift register; the remaining 64-j bits are discarded, and the j output bits mask the plain text to give the cipher text.
22
Basic primitives in block ciphers
Bit-by-bit exclusive OR; modulo 2^16 or 2^32 additions (use fast adders); arbitrary rotations (left or right by any number of bits); permutations; S-boxes; modulo multiplication (X.Y) mod N; exponentiation X^Y mod N; multiplicative inverses (1/X) mod N; Galois field operations (multiplication, inversion, word-based LFSRs)
23
Typical architecture (software, ASIC or FPGA)
A key scheduler derives the round keys from the actual key held in a key register. The input block passes through round processor 1, round processor 2, ..., round processor k-1, round processor k to the output block. The round processors may be individual, a few, or a single one reused through a multiplexer and latch under clock and mode control.
24
Rijndael (AES)
Variable block length (128, 192, 256 bits); variable key length (128, 192 or 256 bits); block cipher; data and key arranged as rows and columns; byte-level design; suitable for DSP-based, microprocessor-based or ASIC implementation
25
Rijndael
Four rows. Nb columns: Nb = block length/32. Nk columns: Nk = key length/32. The number of rounds depends on Nb and Nk (a table indexed by Nb and Nk).
26
Rijndael
Rounds as shown in the table; one more (+1) is needed. Each round consists of four operations: 1) Byte substitution, 2) Shift row, 3) Mix column, 4) Add round key (modulo 2, bit by bit). Some steps can be combined.
28
Byte Sub: Step 1
First write the data vertically as a block of bytes a00 a01 a02 a03 a04 a05 / a10 a11 a12 a13 a14 a15 / ... (row index first, column index second). Substitute each byte from the Rijndael S-box to get a new block: a simple step.
29
Rijndael Shift row: Step 2
First row: no shift. Second row: one-byte left circular shift. Third row: two-byte left circular shift. Fourth row: three-byte left circular shift. With the original bytes numbered column-wise 1 5 9 13 / 2 6 10 14 / 3 7 11 15 / 4 8 12 16, the result is a permutation of the byte positions.
30
Mix Column
The mix column transformation avoids a big 32-bit-input, 32-bit-output S-box. All bytes are treated as polynomials: for example the byte b7b6b5b4b3b2b1b0 is the polynomial b7x^7+b6x^6+b5x^5+b4x^4+b3x^3+b2x^2+b1x+b0. Columns are considered as polynomials over GF(2^8). The irreducible 8th-degree polynomial used is x^8+x^4+x^3+x+1.
31
MIX Column: b(x) = [c(x).a(x)] mod (x^4+1)
with c(x) = "03" x^3 + "01" x^2 + "01" x + "02"; we thus obtain all the new columns b(x) corresponding to the input columns a(x).
32
Example: d(x) = [a(x).b(x)] mod (x^4+1)
a(x) = a3.x^3 + a2.x^2 + a1.x + a0
b(x) = b3.x^3 + b2.x^2 + b1.x + b0
The full product is d(x) = c6x^6+c5x^5+c4x^4+c3x^3+c2x^2+c1x+c0 with
c0 = a0b0, c4 = a3b1+a2b2+a1b3
c1 = a1b0+a0b1, c5 = a3b2+a2b3
c2 = a2b0+a1b1+a0b2, c6 = a3b3
c3 = a3b0+a2b1+a1b2+a0b3
All + are exclusive OR. But x^4 = 1, x^5 = x, x^6 = x^2 mod (x^4+1), so:
33
c0 = a0b0+a3b1+a2b2+a1b3
c1 = a1b0+a0b1+a3b2+a2b3
c2 = a2b0+a1b1+a0b2+a3b3
c3 = a3b0+a2b1+a1b2+a0b3
Each product above is a multiplication in GF(2^8). Fortunately, all the bi are simple: 02H, 03H, 01H or 01H.
34
Rijndael Mix Column: Step 3
Each column (a0j, a1j, a2j, a3j) of the input block a00 ... a35 is multiplied by c(x) to give the corresponding column (b0j, b1j, b2j, b3j) of the output block b00 ... b35.
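The c0..c3 formulas of the two preceding slides carried out in code, as an added example (not from the presentation): a byte multiplier reduced modulo x^8+x^4+x^3+x+1, the column product reduced modulo x^4+1 so that the c4, c5, c6 terms fold back into c0, c1, c2, and the inverse polynomial used for decryption. The check columns are the published FIPS-197 test values; the list-of-columns state layout is this example's own.

```python
# Added example (not from the slides): Mix Column as polynomial arithmetic
# over GF(2^8). Byte products reduce mod x^8 + x^4 + x^3 + x + 1, the column
# product reduces mod x^4 + 1.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b):
    """Multiply two bytes as polynomials over GF(2), reduced mod AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r & 0xFF

def poly_mul_mod_x4_plus_1(a, b):
    """d(x) = a(x).b(x) mod (x^4 + 1) with GF(2^8) coefficients, a[i] being the
    coefficient of x^i. Since x^4 = 1, x^5 = x, x^6 = x^2, the full product's
    c4, c5, c6 land on c0, c1, c2: exactly the reduced formulas on the slide."""
    d = [0] * 4
    for i in range(4):
        for j in range(4):
            d[(i + j) % 4] ^= gf_mul(a[i], b[j])
    return d

C_X = [0x02, 0x01, 0x01, 0x03]       # c(x) = 03 x^3 + 01 x^2 + 01 x + 02
INV_C_X = [0x0E, 0x09, 0x0D, 0x0B]   # c(x)^-1 mod (x^4 + 1), used for decryption

def mix_column(col):
    """One column a0..a3 (top to bottom) -> b(x) = c(x).a(x) mod (x^4 + 1)."""
    return poly_mul_mod_x4_plus_1(col, C_X)

def inv_mix_column(col):
    """Decryption direction: a(x) = c(x)^-1 . b(x) mod (x^4 + 1)."""
    return poly_mul_mod_x4_plus_1(col, INV_C_X)

def mix_columns(state):
    """Apply Mix Column to every column of a state given as a list of columns."""
    return [mix_column(c) for c in state]

if __name__ == "__main__":
    col = [0xDB, 0x13, 0x53, 0x45]
    print([f"{x:02x}" for x in mix_column(col)])                   # 8e 4d a1 bc
    print([f"{x:02x}" for x in inv_mix_column(mix_column(col))])   # db 13 53 45
```

Because the coefficients of c(x) are only 01, 02 and 03, a hardware or table-free software implementation needs nothing more than the "multiply by x" shift-and-conditional-XOR step; the general gf_mul above is kept so that the inverse transformation, whose coefficients 09, 0B, 0D, 0E are not so cheap, can reuse it.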
35
Add (EXOR) Round Key: Step 4
Add round key is the bit-wise exclusive OR of the complete block with the round key. A simple operation. The round key is used only in this step.
36
Key scheduler to get round keys
Initial round key addition. Consider a 128-bit block. Each round key is 128 bits = 4 words of 32 bits. Total number of 32-bit key words: 44 (initial add round key + 10 round keys). How to generate all the round key words from the 128-bit (4-word) basic key?
37
Rijndael key schedule
We need 44 words W of 32 bits for Nk = 4, i.e. a 128-bit key. The first four words are the given key data itself. For each further i: temp = W(i-1); W(i) = temp exor W(i-4) for all i except multiples of 4. For i a multiple of 4, first temp = SubByte(RotByte(temp)) exor Rcon(i/4). RotByte is a one-byte circular left shift of the word.
38
Rcon
Rcon is a word with the three least significant bytes zero. The most significant byte is as per the table:
j: 1 2 3 4 5 6 7 8 9 10
RC(j): 01 02 04 08 10 20 40 80 1B 36
39
Key generation method
The key bytes are written column-wise, K0 K4 K8 K12 / K1 K5 K9 K13 / K2 K6 K10 K14 / K3 K7 K11 K15, giving the words W0 W1 W2 W3; the function g (RotByte, SubByte, Rcon) is applied to W3 on the way to W4, after which W5, W6, W7 follow by exclusive OR. Continue to get 44 words.
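The key schedule of the last three slides run end to end, as an added example (not code from the presentation): the S-box is built from the GF(2^8) inverse and the affine map rather than typed in as a table, which ties Byte Sub back to the field operations listed earlier, Rcon is generated by repeated doubling, and the 44 words W0..W43 are expanded for Nk = 4. The check key and the expected words are the FIPS-197 Appendix A example; exp/log tables with generator 03 are this example's way of computing the inverse.

```python
# Added example (not from the slides): Rijndael S-box from the GF(2^8) inverse
# plus affine map, then the Nk = 4 key schedule: W(i) = W(i-1) xor W(i-4),
# with SubByte(RotByte(.)) xor Rcon applied first when i is a multiple of 4.

def xtime(b):
    """Multiply a byte by x (02) modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

# exp/log tables with generator 03: _EXP[i] = 03^i, so inverse(a) = 03^(255 - log a)
_EXP, _LOG = [0] * 255, [0] * 256
_x = 1
for _i in range(255):
    _EXP[_i], _LOG[_x] = _x, _i
    _x ^= xtime(_x)          # multiply by 03 = 02 + 01

def gf_inverse(a):
    """Multiplicative inverse in GF(2^8); 0 maps to 0 by convention."""
    return 0 if a == 0 else _EXP[(255 - _LOG[a]) % 255]

def affine(b):
    """S-box affine map: b xor rotl(b,1) xor rotl(b,2) xor rotl(b,3) xor rotl(b,4) xor 63."""
    rotl = lambda v, k: ((v << k) | (v >> (8 - k))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63

SBOX = [affine(gf_inverse(a)) for a in range(256)]   # S(00) = 63, S(01) = 7c

def rcon(j):
    """Rcon(j): most significant byte 02^(j-1), three least significant bytes zero."""
    v = 1
    for _ in range(j - 1):
        v = xtime(v)
    return [v, 0, 0, 0]

def key_expansion(key16):
    """44 words (lists of 4 bytes) W0..W43 from a 16-byte key (Nk = 4)."""
    w = [list(key16[4 * i:4 * i + 4]) for i in range(4)]   # W0..W3 = the key itself
    for i in range(4, 44):
        temp = w[i - 1][:]
        if i % 4 == 0:
            temp = temp[1:] + temp[:1]                 # RotByte: one-byte circular left shift
            temp = [SBOX[b] for b in temp]             # SubByte on each byte
            temp = [t ^ r for t, r in zip(temp, rcon(i // 4))]
        w.append([t ^ p for t, p in zip(temp, w[i - 4])])
    return w

def round_key(w, r):
    """Round key r (0 = initial add round key, 10 = last) as 16 bytes."""
    return bytes(b for word in w[4 * r:4 * r + 4] for b in word)

if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    w = key_expansion(key)
    print(f"S(00)={SBOX[0]:02x} S(01)={SBOX[1]:02x}")   # 63 7c
    print(bytes(w[4]).hex(), bytes(w[43]).hex())        # a0fafe17 b6630ca6
```

For an ASIC the choice between this computed S-box and the ROM, synthesized-logic or multiplexer forms discussed later is the usual delay/area trade-off; for software the inverse-plus-affine construction is only worth keeping as a self-check against a tampered or mistyped table.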
45
S-box implementations
ROM based; logic synthesis based; multiplexer based. FOM (figure of merit): delay (access time), area, flexibility, insight
46
Logic synthesis of S-box
S1, first row: analyze the sequences of b3, b2, b1, b0. For inputs 0 to 15 the first row gives b3b2b1b0 = 1110 0100 1101 0001 0010 1111 1011 1000 0011 1010 0110 1100 0101 1001 0000 0111. The logic functions, assuming the input ABCD comes from a counter counting from zero to 15, are as follows:
b3 = A'C'D'+AB'C+BCD'+AB'C'D+ABC'D
b2 = D'C'B'+D'C'BA'+D'CB'A+DC'B+DCB'A'+DCBA
b1 = D'C'B'A'+D'CB'+D'CBA'+DC'B'+DC'BA'+DCBA
b0 = D'C'B+D'CB'A+D'CBA'+DC'B'A'+DCB'+DCBA
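Before committing synthesized logic to silicon one checks it against the table it was derived from. The following added example (not from the presentation) evaluates the four sum-of-products equations above for all 16 counter values and compares them with the first row of S1 held as a ROM; it assumes that A is the least significant counter bit and D the most significant, and that assumption is confirmed by the check coming out clean.

```python
# Added example (not from the slides): verify the synthesized logic functions
# for the first row of DES S-box S1 against the ROM (truth-table) form.
# Assumption: counter input ABCD with A = least significant bit.

S1_ROW0 = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]  # b3b2b1b0 for inputs 0..15

SOP = {
    3: "A'C'D'+AB'C+BCD'+AB'C'D+ABC'D",
    2: "D'C'B'+D'C'BA'+D'CB'A+DC'B+DCB'A'+DCBA",
    1: "D'C'B'A'+D'CB'+D'CBA'+DC'B'+DC'BA'+DCBA",
    0: "D'C'B+D'CB'A+D'CBA'+DC'B'A'+DCB'+DCBA",
}

def eval_sop(expr, a, b, c, d):
    """Evaluate a sum-of-products string: terms separated by '+', each term a
    product of literals, where a letter followed by ' is the complement."""
    vals = {"A": a, "B": b, "C": c, "D": d}
    for term in expr.split("+"):
        i, product = 0, 1
        while i < len(term):
            v = vals[term[i]]
            if i + 1 < len(term) and term[i + 1] == "'":
                v ^= 1
                i += 1
            product &= v
            i += 1
        if product:
            return 1
    return 0

def synthesized_row():
    """Rebuild the 16 outputs from the four logic functions."""
    out = []
    for x in range(16):
        a, b, c, d = x & 1, (x >> 1) & 1, (x >> 2) & 1, (x >> 3) & 1
        out.append(sum(eval_sop(SOP[k], a, b, c, d) << k for k in range(4)))
    return out

def mismatches():
    """Inputs where the synthesized logic disagrees with the ROM (should be none)."""
    return [x for x, (got, want) in enumerate(zip(synthesized_row(), S1_ROW0))
            if got != want]

def sbox_rom(x):
    """ROM-style lookup for comparison with the logic form."""
    return S1_ROW0[x & 0xF]

if __name__ == "__main__":
    print(synthesized_row())
    print("mismatches:", mismatches())   # []
```

Swapping the bit order (D as the least significant bit) makes the check fail on input 2 already, which is the kind of silent mistake an exhaustive 16-entry comparison catches at no cost; for full 6-bit DES S-boxes or the 8-bit AES S-box the same exhaustive check is still cheap.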
47
b3 = A’C’D’+AB’C+BCD’+AB’C’D+ABC’D
48
S-box based on multiplexers
Each output bit b0, b1, b2, b3 is produced by a 16:1 multiplexer whose select lines are the input nibble; hardwire all the data inputs of each multiplexer to logic one or zero as needed. Delay is one 16:1 multiplexer delay; area is four 16:1 multiplexers.
49
What you need to learn
Basic algorithms; efficient implementation of primitives; implementation options; combining steps; efficient key schedule calculation; agility to change to new keys; properties of S-boxes and their evaluation; evaluation of block ciphers and other primitives (rotation, modulo multiplication etc.); design resistant to side-channel attacks; software and hardware solutions
50
Authentication algorithms
51
Encryption and authentication
Conventional symmetric key based encryption: source S and destination D both hold the same key K.
52
Encryption and authentication
U stands for public key, R for private key. CONFIDENTIALITY: the source S encrypts with the destination's public key U and the destination D decrypts with its private key R.
53
Encryption and authentication
AUTHENTICATION: the source S encrypts with its own private key R; the receiver decrypts with S's public key U, which establishes the origin.
54
Encryption and authentication
BOTH: the source S encrypts first with its private key R and then with the destination's public key U; the destination D decrypts with its private key R and then with S's public key U.
55
Authentication
Asymmetric systems (two keys, one public and another private, are needed). Three types of authentication are possible.
56
AUTHENTICATION USING RSA
RSA (named after its inventors Rivest, Shamir and Adleman). Two keys are used (a public key and a private key).
57
Authentication using RSA
m = message; public key = (e, n); private key = (d, n). Encryption: c = m^e mod n. Decryption: m = c^d mod n.
58
Choice of n, e, d
Choose two large primes p and q; n = p.q. Choose e such that e and (p-1).(q-1) are relatively prime. Calculate d so that e.d = 1 mod ((p-1).(q-1)).
59
Example
p = 47, q = 71; (p-1).(q-1) = 46.70 = 3220; choose e = 79, then d = 1019. For m = 688, say, c = 1570, and m = 688 again after decryption.
60
How to compute X^Y mod N
X, Y and N are typically 1024-bit numbers. Use repeated squaring and conditional multiplications, e.g. 11^23 mod 37 = ( ) mod 37. The basic operation is A.B mod N; X^Y mod N needs at most 2047 such operations for 1024-bit numbers.
61
How to compute A.B mod N
Example: 13.15 mod 23. We do not want to do this in a straightforward manner. Write b = 13 in binary form: 1101. Starting from the msb, repeatedly compute (2.Old + bi.A) mod 23.
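The RSA slides put together as an added example (not code from the presentation): key set-up for the slide's p = 47, q = 71, e = 79, the bit-serial (2.Old + bi.A) mod N multiplier, and square-and-multiply exponentiation built on top of it, so that 688 encrypts to 1570 and back. The extended-Euclid inverse and the function names are this example's own; the sizes are toy sizes, where the slide is explicit that real operands are 1024 bits.

```python
# Added example (not from the slides): RSA key set-up, the bit-serial
# A.B mod N method and X^Y mod N by repeated squaring, on the slide's numbers.

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def mod_inverse(e, phi):
    """d with e.d = 1 mod phi; fails if e and phi are not relatively prime."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e and (p-1)(q-1) must be relatively prime")
    return x % phi

def rsa_keys(p, q, e):
    """Public key (e, n) and private key (d, n) from primes p, q and chosen e."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (mod_inverse(e, phi), n)

def mulmod_bitserial(a, b, n):
    """A.B mod N without forming the full product: scan b from the msb and
    set old = (2.old + b_i.A) mod N. Each step is a shift, an add and a
    reduction, the shape of a hardware modular multiplier."""
    old = 0
    for i in range(b.bit_length() - 1, -1, -1):
        old = (2 * old + ((b >> i) & 1) * a) % n
    return old

def powmod(x, y, n):
    """X^Y mod N by repeated squaring and conditional multiplication, msb
    first: at most two A.B mod N operations per exponent bit, hence 2047
    for a 1024-bit exponent."""
    result = 1 % n
    for i in range(y.bit_length() - 1, -1, -1):
        result = mulmod_bitserial(result, result, n)      # square
        if (y >> i) & 1:
            result = mulmod_bitserial(result, x, n)       # conditional multiply
    return result

def rsa_encrypt(m, pub):
    e, n = pub
    return powmod(m, e, n)

def rsa_decrypt(c, priv):
    d, n = priv
    return powmod(c, d, n)

if __name__ == "__main__":
    pub, priv = rsa_keys(47, 71, 79)
    print(pub, priv)                                   # (79, 3337) (1019, 3337)
    c = rsa_encrypt(688, pub)
    print(c, rsa_decrypt(c, priv))                     # 1570 688
    print(mulmod_bitserial(15, 13, 23), powmod(11, 23, 37))   # 11 27
```

The conditional multiply in powmod is exactly the data-dependent step that simple power analysis observes, which is why the slide's "attack resistant design" item matters for the exponentiation kernel and not just for the multiplier.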
62
What you need to learn
Basic algorithms; primality testing; choice of primes; the factorization problem; a kernel for fast exponentiation mod M (multi-bit recoding, Montgomery's algorithm, redundant arithmetic, attack-resistant design, scalability to 2048 bits); software/hardware solutions
63
Digital signature algorithms
64
Authentication by digital signatures
The message M is processed by the function C under key K to give CK(M), which is sent along with M; the receiver applies C under its key K to the received M and COMPAREs the result with the received CK(M).
65
General principle of hashing
The input is split into successive blocks Y0, Y1, ..., YN-1. Starting from an initial value IV, a compression function F is applied to each block in turn, the output of one step feeding the next. If F is collision resistant, so is the hash algorithm.
66
SECURE HASH ALGORITHM
Treats messages as 512-bit blocks. Four rounds of 20 operations each. Five 32-bit chaining values A, B, C, D, E. Uses nonlinear operations involving AND, OR, EXCLUSIVE-OR. Uses circular shifts. Generates a hash of 160 bits. An improvement over MD5.
67
SHA hashing step
In each operation the five values A, B, C, D, E are updated: the new A is the sum (modulo 2^32) of S5(A), a 5-bit circular left shift of A, the nonlinear function of B, C and D, the old E, the message word Wt and the round constant Kt; B becomes the old A, C becomes S30(B), a 30-bit circular left shift of the old B, D becomes the old C and E becomes the old D.
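SHA-1 written out from the two preceding slides, as an added example (not code from the presentation): padding into 512-bit blocks, a compression function F iterated from the IV, and the 80 operations on A..E with S5, S30, Wt and Kt. The constants are the standard SHA-1 ones; the two check digests are the well-known values for "abc" and the empty message. This is teaching code, not a library to deploy.

```python
# Added example (not from the slides): SHA-1 as the Merkle-Damgard iteration
# of a compression function F over 512-bit blocks, four rounds of 20 operations.
import struct

MASK = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

def rotl(x, n):
    """Circular left shift of a 32-bit word (S5 and S30 on the slide)."""
    return ((x << n) | (x >> (32 - n))) & MASK

def f_and_k(t, b, c, d):
    """Nonlinear function and constant K_t for operation t (0..79), by round."""
    if t < 20:
        return (b & c) | (~b & d & MASK), 0x5A827999
    if t < 40:
        return b ^ c ^ d, 0x6ED9EBA1
    if t < 60:
        return (b & c) | (b & d) | (c & d), 0x8F1BBCDC
    return b ^ c ^ d, 0xCA62C1D6

def compress(state, block):
    """F: fold one 512-bit block Y_i into the 160-bit chaining state."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):                                  # message schedule W_t
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):                                      # 4 rounds x 20 operations
        f, k = f_and_k(t, b, c, d)
        temp = (rotl(a, 5) + f + e + k + w[t]) & MASK        # S5(A) + f(B,C,D) + E + K_t + W_t
        a, b, c, d, e = temp, a, rotl(b, 30), c, d           # C = S30(B); B, D, E shift down
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))

def pad(message):
    """Append a 1 bit, zeros, and the 64-bit big-endian bit length so the
    result is a whole number of 64-byte blocks."""
    bit_len = len(message) * 8
    message += b"\x80"
    message += b"\x00" * ((56 - len(message) % 64) % 64)
    return message + struct.pack(">Q", bit_len)

def sha1(message):
    """Iterate F over Y0 .. YN-1 starting from IV; return the 160-bit digest as hex."""
    state = IV
    padded = pad(message)
    for i in range(0, len(padded), 64):
        state = compress(state, padded[i:i + 64])
    return "".join(f"{v:08x}" for v in state)

if __name__ == "__main__":
    print(sha1(b"abc"))   # a9993e364706816aba3e25717850c26c9cd0d89d
```

The structure makes the slide's collision remark concrete: every block passes through the same F from the previous chaining value, so a collision in F gives a collision in the whole hash, and the length field in pad is what stops two messages of different lengths from sharing a padded block sequence.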
68
What you need to learn
Fundamentals of hash functions; hash algorithms MD5, SHA, RIPEMD etc.; HMAC (hash using a key); collision issues; new hash function design to avoid collisions; hardware/software implementations
69
Conclusion
Sensitivity to the issues addressed, such as side-channel attacks, compact hardware, protection of IP, and power (low), area (low), time (fast) trade-offs. Fault-tolerant designs (self-checking). Self-study modules with an interactive question/answer type facility will be useful. Testing/learning up to the desired level of proficiency shall be gracefully constructed with increasing depth of information.
70
Books and journals
Stinson, Bruce Schneier, Menezes et al., Simmons, Rhee, Stallings, Rueppel, Beker and Piper, and many more. IEEE Security and Privacy, IEEE Journal on Selected Areas in Communications, IEEE Transactions on Computers, IEEE Transactions on Information Theory, IEEE Journal of Solid-State Circuits, IEE Journal of Computers and Digital Techniques, Electronics Letters, IEEE Computer, Springer Verlag conference proceedings of ASIACRYPT, INDOCRYPT, Fast Software Encryption and so on, Journal of Cryptology, Cryptologia
71