Download presentation
Presentation is loading. Please wait.
Published byZachary Limehouse Modified over 9 years ago
1
Lecture 7 Overview
2
Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different (10 th, 12 th, 14 th ) Each regular round consists of 4 steps – Byte substitution (BSB) – Shift row (SR) – Mix column (MC) – Add Round key (ARK) CS 450/650 Lecture 7: AES 2
3
AES Overview Plaintext (128)ARKSubkey 0 Ciphertext (128)ARKSubkey 10 SR BSB 9 rounds CS 450/650 Lecture 7: AES 3
4
State b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15 -128-bit block 4 x 4 matrix -128 bits 16 bytes b0, b1, b2,.., b15 CS 450/650 Lecture 7: AES 4 S 0,0 S 0,1
5
Key k0k4k8k12 k1k5k9k13 k2k6k10k14 k3k7k11k15 -128-bit key 4 x 4 matrix -128 bits 16 bytes k0, k1, k2,.., k15 CS 450/650 Lecture 7: AES 5
6
Four Operations 1.Byte Substitution – predefined substitution table s[i,j] s’[i,j] 2.Shift Row – left circular shift 3.Mix Columns – 4 elements in each column are multiplied by a polynomial 4.Add Round Key – Key is derived and added to each column CS 450/650 Lecture 7: AES 6 diffusion diffusion and confusion confusion
7
Shift Row (128-bit) b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15 b0b4b8b12 b5b9b13b1 b10b14b2b6 b15b3b7b11 CS 450/650 Lecture 7: AES 7
8
Mix Column 2311 1231 1123 3112 S 0,i S 1,i S 2,I S 3,i S’ 0,I S’ 1,I S’ 2,I S’ 3,i = * Multiplying by 1 no change Multiplying by 2 shift left one bit Multiplying by 3 shift left one bit and XOR with original value More than 8 bits 100011011 is subtracted CS 450/650 Lecture 7: AES 8
9
Add Key b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15 k0k4k8k12 k1k5k9k13 k2k6k10k14 k3k7k11k15 b’ x bxbx kxkx = XOR CS 450/650 Lecture 7: AES 9
10
Key Generation 4 bytes Circular left shift 1byte S-box XOR Round constant CS 450/650 Lecture 7: AES 10
11
DES vs AES DESAES Date19761999 Block size64 bits128 bits Key length56 bits128, 192, 256, … bits Encryption primitivesSubstitution and permutationSubstitution, shift, bit mixing Cryptographic primitivesConfusion and diffusion DesignOpen Design rationaleClosedOpen Selection processSecretSecret (accepted public comment) SourceIBM, enhanced by NSABelgian cryptographers 11 CS 450/650 Lecture 7: AES
12
Cryptographic Hash Functions Message Digest Functions – Protect integrity – Create a message digest or fingerprint of a digital document – MD4, MD5, SHA Message Authentication Codes (MACs) – Protect both integrity and authenticity – Produce fingerprints based on both a given document and a secret key CS 450/650 Lecture 7: Hash Functions 12
13
Message Digest Functions Checksums fingerprint of a message – If message changes, checksum will not match Most checksums are good in detecting accidental changes made to a message – They are not designed to prevent an adversary from intentionally changing a message resulting a message with the same checksum Message digests are designed to protect against this possibility CS 450/650 Lecture 7: Hash Functions 13
14
One-Way Hash Functions Example M = “Elvis” H(M) = (“E” + “L” + “V” + “I” + “S”) mod 26 H(M) = (5 + 12 + 22 + 9 + 19) mod 26 H(M) = 67 mod 26 H(M) = 15 H M H(M) = h CS 450/650 Lecture 7: Hash Functions 14
15
Collision Example x = “Viva” Y = “Vegas” H(x) = H(y) = 2 H xH(x) H yH(y) = CS 450/650 Lecture 7: Hash Functions 15
16
Collision-resistant, One-way hash fnc. Given M, – it is easy to compute h Given any h, – it is hard to find any M such that H(M) = h Given M1, it is difficult to find M2 – such that H(M1) = H(M2) Functions that satisfy these criteria are called message digest – They produce a fixed-length digest (fingerprint) CS 450/650 Lecture 7: Hash Functions 16
17
Message Authentication Codes A message authentication code (MAC) is a key-dependent message digest function – MAC(M,k) = h CS 450/650 Lecture 7: Hash Functions 17
18
A MAC Based on a Block Cipher M1 Encrypt k M1 Encrypt k XOR M1 Encrypt k XOR … MAC CS 450/650 Lecture 7: Hash Functions 18
19
Lecture 8 Secure Hash Algorithm CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini
20
Secure Hash Algorithm (SHA) SHA-01993 SHA-11995 SHA-22002 – SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 A message composed of b bits 160-bit message digest CS 450/650 Lecture 8: Secure Hash Algorithm 20
21
Step 1 -- Padding Padding the total length of a padded message is multiple of 512 – Every message is padded even if its length is already a multiple of 512 Padding is done by appending to the input – A single bit, 1 – Enough additional bits, all 0, to make the final 512 block exactly 448 bits long – A 64-bit integer representing the length of the original message in bits CS 450/650 Lecture 8: Secure Hash Algorithm 21
22
Padding (cont.) MessageMessage length10…0 64 bits Multiple of 512 1 bit CS 450/650 Lecture 8: Secure Hash Algorithm 22
23
Example M = 01100010 11001010 1001 (20 bits) Padding is done by appending to the input – A single bit, 1 – 427 0s – A 64-bit integer representing 20 Pad(M) = 01100010 11001010 10011000 … 00010100
24
Example Length of M = 500 bits Padding is done by appending to the input: – A single bit, 1 – 459 0s – A 64-bit integer representing 500 Length of Pad(M) = 1024 bits
25
Step 2 -- Dividing Pad(M) Pad (M) = B 1, B 2, B 3, …, B n Each B i denote a 512-bit block Each B i is divided into 16 32-bit words – W 0, W 1, …, W 15 CS 450/650 Lecture 8: Secure Hash Algorithm 25
26
Step 3 – Compute W 16 – W 79 To Compute word W j (16<=j<=79) – W j-3, W j-8, W j-14, W j-16 are XORed – The result is circularly left shifted one bit CS 450/650 Lecture 8: Secure Hash Algorithm 26
27
Step 4 – Initialize A,B,C,D,E A = H 0 B = H 1 C = H 2 D = H 3 E = H 4 CS 450/650 Lecture 8: Secure Hash Algorithm 27
28
Initialize 32-bit words H 0 = 67452301 H 1 = EFCDAB89 H 2 = 98BADCFE H 3 = 10325476 H 4 = C3D2E1F0 K 0 – K 19 = 5A827999 K 20 – K 39 = 6ED9EBA1 K 40 – K 49 = 8F1BBCDC K 60 – K 79 = CA62C1D6 CS 450/650 Lecture 8: Secure Hash Algorithm 28
29
Step 5 – Loop For j = 0 … 79 TEMP = CircLeShift_5 (A) + f j (B,C,D) + E + W j + K j E = D; D = C; C = CircLeShift_30(B); B = A; A = TEMP Done + addition (ignore overflow) CS 450/650 Lecture 8: Secure Hash Algorithm 29
30
Four functions For j = 0 … 19 – f j (B,C,D) = (B AND C) OR ( B AND D) OR (C AND D) For j = 20 … 39 – f j (B,C,D) = (B XOR C XOR D) For j = 40 … 59 – f j (B,C,D) = (B AND C) OR ((NOT B) AND D) For j = 60 … 79 – f j (B,C,D) = (B XOR C XOR D) CS 450/650 Lecture 8: Secure Hash Algorithm 30
31
Step 6 – Final H 0 = H 0 + A H 1 = H 1 + B H 2 = H 2 + C H 3 = H 3 + D H 4 = H 4 + E CS 450/650 Lecture 8: Secure Hash Algorithm 31
32
Done Once these steps have been performed on each 512-bit block (B 1, B 2, …, B n ) of the padded message, – the 160-bit message digest is given by H 0 H 1 H 2 H 3 H 4 CS 450/650 Lecture 8: Secure Hash Algorithm 32
33
SHA Output size (bits) Internal state size (bits) Block size (bits) Max message size (bits) Word size (bits) RoundsOperations Collisions found SHA-0160 5122 64 − 13280 +, and, or, xor, rot Yes SHA-1160 5122 64 − 13280 +, and, or, xor, rot None (2 52 attack) SHA-2 256/2242565122 64 − 13264 +, and, or, xor, shr, rot None 512/38451210242 128 − 16480 +, and, or, xor, shr, rot None CS 450/650 Lecture 8: Secure Hash Algorithm 33
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.