Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Published byZachary Limehouse Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different."— Presentation transcript:

1 Lecture 7 Overview

2 Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different (10 th, 12 th, 14 th ) Each regular round consists of 4 steps – Byte substitution (BSB) – Shift row (SR) – Mix column (MC) – Add Round key (ARK) CS 450/650 Lecture 7: AES 2

3 AES Overview Plaintext (128)ARKSubkey 0 Ciphertext (128)ARKSubkey 10 SR BSB 9 rounds CS 450/650 Lecture 7: AES 3

4 State b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15 -128-bit block  4 x 4 matrix -128 bits  16 bytes  b0, b1, b2,.., b15 CS 450/650 Lecture 7: AES 4 S 0,0 S 0,1

5 Key k0k4k8k12 k1k5k9k13 k2k6k10k14 k3k7k11k15 -128-bit key  4 x 4 matrix -128 bits  16 bytes  k0, k1, k2,.., k15 CS 450/650 Lecture 7: AES 5

6 Four Operations 1.Byte Substitution – predefined substitution table s[i,j]  s’[i,j] 2.Shift Row – left circular shift 3.Mix Columns – 4 elements in each column are multiplied by a polynomial 4.Add Round Key – Key is derived and added to each column CS 450/650 Lecture 7: AES 6 diffusion diffusion and confusion confusion

7 Shift Row (128-bit) b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15 b0b4b8b12 b5b9b13b1 b10b14b2b6 b15b3b7b11 CS 450/650 Lecture 7: AES 7

8 Mix Column 2311 1231 1123 3112 S 0,i S 1,i S 2,I S 3,i S’ 0,I S’ 1,I S’ 2,I S’ 3,i = * Multiplying by 1  no change Multiplying by 2  shift left one bit Multiplying by 3  shift left one bit and XOR with original value More than 8 bits  100011011 is subtracted CS 450/650 Lecture 7: AES 8

9 Add Key b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15 k0k4k8k12 k1k5k9k13 k2k6k10k14 k3k7k11k15 b’ x bxbx kxkx = XOR CS 450/650 Lecture 7: AES 9

10 Key Generation 4 bytes Circular left shift 1byte S-box XOR Round constant CS 450/650 Lecture 7: AES 10

11 DES vs AES DESAES Date19761999 Block size64 bits128 bits Key length56 bits128, 192, 256, … bits Encryption primitivesSubstitution and permutationSubstitution, shift, bit mixing Cryptographic primitivesConfusion and diffusion DesignOpen Design rationaleClosedOpen Selection processSecretSecret (accepted public comment) SourceIBM, enhanced by NSABelgian cryptographers 11 CS 450/650 Lecture 7: AES

12 Cryptographic Hash Functions Message Digest Functions – Protect integrity – Create a message digest or fingerprint of a digital document – MD4, MD5, SHA Message Authentication Codes (MACs) – Protect both integrity and authenticity – Produce fingerprints based on both a given document and a secret key CS 450/650 Lecture 7: Hash Functions 12

13 Message Digest Functions Checksums  fingerprint of a message – If message changes, checksum will not match Most checksums are good in detecting accidental changes made to a message – They are not designed to prevent an adversary from intentionally changing a message resulting a message with the same checksum Message digests are designed to protect against this possibility CS 450/650 Lecture 7: Hash Functions 13

14 One-Way Hash Functions Example M = “Elvis” H(M) = (“E” + “L” + “V” + “I” + “S”) mod 26 H(M) = (5 + 12 + 22 + 9 + 19) mod 26 H(M) = 67 mod 26 H(M) = 15 H M H(M) = h CS 450/650 Lecture 7: Hash Functions 14

15 Collision Example x = “Viva” Y = “Vegas” H(x) = H(y) = 2 H xH(x) H yH(y) = CS 450/650 Lecture 7: Hash Functions 15

16 Collision-resistant, One-way hash fnc. Given M, – it is easy to compute h Given any h, – it is hard to find any M such that H(M) = h Given M1, it is difficult to find M2 – such that H(M1) = H(M2) Functions that satisfy these criteria are called message digest – They produce a fixed-length digest (fingerprint) CS 450/650 Lecture 7: Hash Functions 16

17 Message Authentication Codes A message authentication code (MAC) is a key-dependent message digest function – MAC(M,k) = h CS 450/650 Lecture 7: Hash Functions 17

18 A MAC Based on a Block Cipher M1 Encrypt k M1 Encrypt k XOR M1 Encrypt k XOR … MAC CS 450/650 Lecture 7: Hash Functions 18

19 Lecture 8 Secure Hash Algorithm CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini

20 Secure Hash Algorithm (SHA) SHA-01993 SHA-11995 SHA-22002 – SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 A message composed of b bits 160-bit message digest CS 450/650 Lecture 8: Secure Hash Algorithm 20

21 Step 1 -- Padding Padding  the total length of a padded message is multiple of 512 – Every message is padded even if its length is already a multiple of 512 Padding is done by appending to the input – A single bit, 1 – Enough additional bits, all 0, to make the final 512 block exactly 448 bits long – A 64-bit integer representing the length of the original message in bits CS 450/650 Lecture 8: Secure Hash Algorithm 21

22 Padding (cont.) MessageMessage length10…0 64 bits Multiple of 512 1 bit CS 450/650 Lecture 8: Secure Hash Algorithm 22

23 Example M = 01100010 11001010 1001 (20 bits) Padding is done by appending to the input – A single bit, 1 – 427 0s – A 64-bit integer representing 20 Pad(M) = 01100010 11001010 10011000 … 00010100

24 Example Length of M = 500 bits Padding is done by appending to the input: – A single bit, 1 – 459 0s – A 64-bit integer representing 500 Length of Pad(M) = 1024 bits

25 Step 2 -- Dividing Pad(M) Pad (M) = B 1, B 2, B 3, …, B n Each B i denote a 512-bit block Each B i is divided into 16 32-bit words – W 0, W 1, …, W 15 CS 450/650 Lecture 8: Secure Hash Algorithm 25

26 Step 3 – Compute W 16 – W 79 To Compute word W j (16<=j<=79) – W j-3, W j-8, W j-14, W j-16 are XORed – The result is circularly left shifted one bit CS 450/650 Lecture 8: Secure Hash Algorithm 26

27 Step 4 – Initialize A,B,C,D,E A = H 0 B = H 1 C = H 2 D = H 3 E = H 4 CS 450/650 Lecture 8: Secure Hash Algorithm 27

28 Initialize 32-bit words H 0 = 67452301 H 1 = EFCDAB89 H 2 = 98BADCFE H 3 = 10325476 H 4 = C3D2E1F0 K 0 – K 19 = 5A827999 K 20 – K 39 = 6ED9EBA1 K 40 – K 49 = 8F1BBCDC K 60 – K 79 = CA62C1D6 CS 450/650 Lecture 8: Secure Hash Algorithm 28

29 Step 5 – Loop For j = 0 … 79 TEMP = CircLeShift_5 (A) + f j (B,C,D) + E + W j + K j E = D; D = C; C = CircLeShift_30(B); B = A; A = TEMP Done +  addition (ignore overflow) CS 450/650 Lecture 8: Secure Hash Algorithm 29

30 Four functions For j = 0 … 19 – f j (B,C,D) = (B AND C) OR ( B AND D) OR (C AND D) For j = 20 … 39 – f j (B,C,D) = (B XOR C XOR D) For j = 40 … 59 – f j (B,C,D) = (B AND C) OR ((NOT B) AND D) For j = 60 … 79 – f j (B,C,D) = (B XOR C XOR D) CS 450/650 Lecture 8: Secure Hash Algorithm 30

31 Step 6 – Final H 0 = H 0 + A H 1 = H 1 + B H 2 = H 2 + C H 3 = H 3 + D H 4 = H 4 + E CS 450/650 Lecture 8: Secure Hash Algorithm 31

32 Done Once these steps have been performed on each 512-bit block (B 1, B 2, …, B n ) of the padded message, – the 160-bit message digest is given by H 0 H 1 H 2 H 3 H 4 CS 450/650 Lecture 8: Secure Hash Algorithm 32

33 SHA Output size (bits) Internal state size (bits) Block size (bits) Max message size (bits) Word size (bits) RoundsOperations Collisions found SHA-0160 5122 64 − 13280 +, and, or, xor, rot Yes SHA-1160 5122 64 − 13280 +, and, or, xor, rot None (2 52 attack) SHA-2 256/2242565122 64 − 13264 +, and, or, xor, shr, rot None 512/38451210242 128 − 16480 +, and, or, xor, shr, rot None CS 450/650 Lecture 8: Secure Hash Algorithm 33

Download ppt "Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Hashes and Message Digests

Hashes and Message Digests
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
MD5 Message Digest Algorithm CS265 Spring 2003 Jerry Li Computer Science Department San Jose State University.

MD5 Message Digest Algorithm CS265 Spring 2003 Jerry Li Computer Science Department San Jose State University.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Information Security and Management 11

Information Security and Management 11
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 4 Data Authentication Part I.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 4 Data Authentication Part I.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Lecture 13 Message Signing

Lecture 13 Message Signing
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Similar presentations

Ads by Google