Download presentation

Presentation is loading. Please wait.

Published byZachary Limehouse Modified over 4 years ago

1
Lecture 7 Overview

2
Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different (10 th, 12 th, 14 th ) Each regular round consists of 4 steps – Byte substitution (BSB) – Shift row (SR) – Mix column (MC) – Add Round key (ARK) CS 450/650 Lecture 7: AES 2

3
AES Overview Plaintext (128)ARKSubkey 0 Ciphertext (128)ARKSubkey 10 SR BSB 9 rounds CS 450/650 Lecture 7: AES 3

4
State b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15 -128-bit block 4 x 4 matrix -128 bits 16 bytes b0, b1, b2,.., b15 CS 450/650 Lecture 7: AES 4 S 0,0 S 0,1

5
Key k0k4k8k12 k1k5k9k13 k2k6k10k14 k3k7k11k15 -128-bit key 4 x 4 matrix -128 bits 16 bytes k0, k1, k2,.., k15 CS 450/650 Lecture 7: AES 5

6
Four Operations 1.Byte Substitution – predefined substitution table s[i,j] s’[i,j] 2.Shift Row – left circular shift 3.Mix Columns – 4 elements in each column are multiplied by a polynomial 4.Add Round Key – Key is derived and added to each column CS 450/650 Lecture 7: AES 6 diffusion diffusion and confusion confusion

7
Shift Row (128-bit) b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15 b0b4b8b12 b5b9b13b1 b10b14b2b6 b15b3b7b11 CS 450/650 Lecture 7: AES 7

8
Mix Column 2311 1231 1123 3112 S 0,i S 1,i S 2,I S 3,i S’ 0,I S’ 1,I S’ 2,I S’ 3,i = * Multiplying by 1 no change Multiplying by 2 shift left one bit Multiplying by 3 shift left one bit and XOR with original value More than 8 bits 100011011 is subtracted CS 450/650 Lecture 7: AES 8

9
Add Key b0b4b8b12 b1b5b9b13 b2b6b10b14 b3b7b11b15 k0k4k8k12 k1k5k9k13 k2k6k10k14 k3k7k11k15 b’ x bxbx kxkx = XOR CS 450/650 Lecture 7: AES 9

10
Key Generation 4 bytes Circular left shift 1byte S-box XOR Round constant CS 450/650 Lecture 7: AES 10

11
DES vs AES DESAES Date19761999 Block size64 bits128 bits Key length56 bits128, 192, 256, … bits Encryption primitivesSubstitution and permutationSubstitution, shift, bit mixing Cryptographic primitivesConfusion and diffusion DesignOpen Design rationaleClosedOpen Selection processSecretSecret (accepted public comment) SourceIBM, enhanced by NSABelgian cryptographers 11 CS 450/650 Lecture 7: AES

12
Cryptographic Hash Functions Message Digest Functions – Protect integrity – Create a message digest or fingerprint of a digital document – MD4, MD5, SHA Message Authentication Codes (MACs) – Protect both integrity and authenticity – Produce fingerprints based on both a given document and a secret key CS 450/650 Lecture 7: Hash Functions 12

13
Message Digest Functions Checksums fingerprint of a message – If message changes, checksum will not match Most checksums are good in detecting accidental changes made to a message – They are not designed to prevent an adversary from intentionally changing a message resulting a message with the same checksum Message digests are designed to protect against this possibility CS 450/650 Lecture 7: Hash Functions 13

14
One-Way Hash Functions Example M = “Elvis” H(M) = (“E” + “L” + “V” + “I” + “S”) mod 26 H(M) = (5 + 12 + 22 + 9 + 19) mod 26 H(M) = 67 mod 26 H(M) = 15 H M H(M) = h CS 450/650 Lecture 7: Hash Functions 14

15
Collision Example x = “Viva” Y = “Vegas” H(x) = H(y) = 2 H xH(x) H yH(y) = CS 450/650 Lecture 7: Hash Functions 15

16
Collision-resistant, One-way hash fnc. Given M, – it is easy to compute h Given any h, – it is hard to find any M such that H(M) = h Given M1, it is difficult to find M2 – such that H(M1) = H(M2) Functions that satisfy these criteria are called message digest – They produce a fixed-length digest (fingerprint) CS 450/650 Lecture 7: Hash Functions 16

17
Message Authentication Codes A message authentication code (MAC) is a key-dependent message digest function – MAC(M,k) = h CS 450/650 Lecture 7: Hash Functions 17

18
A MAC Based on a Block Cipher M1 Encrypt k M1 Encrypt k XOR M1 Encrypt k XOR … MAC CS 450/650 Lecture 7: Hash Functions 18

19
Lecture 8 Secure Hash Algorithm CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini

20
Secure Hash Algorithm (SHA) SHA-01993 SHA-11995 SHA-22002 – SHA-224, SHA-256, SHA-384, SHA-512 SHA-1 A message composed of b bits 160-bit message digest CS 450/650 Lecture 8: Secure Hash Algorithm 20

21
Step 1 -- Padding Padding the total length of a padded message is multiple of 512 – Every message is padded even if its length is already a multiple of 512 Padding is done by appending to the input – A single bit, 1 – Enough additional bits, all 0, to make the final 512 block exactly 448 bits long – A 64-bit integer representing the length of the original message in bits CS 450/650 Lecture 8: Secure Hash Algorithm 21

22
Padding (cont.) MessageMessage length10…0 64 bits Multiple of 512 1 bit CS 450/650 Lecture 8: Secure Hash Algorithm 22

23
Example M = 01100010 11001010 1001 (20 bits) Padding is done by appending to the input – A single bit, 1 – 427 0s – A 64-bit integer representing 20 Pad(M) = 01100010 11001010 10011000 … 00010100

24
Example Length of M = 500 bits Padding is done by appending to the input: – A single bit, 1 – 459 0s – A 64-bit integer representing 500 Length of Pad(M) = 1024 bits

25
Step 2 -- Dividing Pad(M) Pad (M) = B 1, B 2, B 3, …, B n Each B i denote a 512-bit block Each B i is divided into 16 32-bit words – W 0, W 1, …, W 15 CS 450/650 Lecture 8: Secure Hash Algorithm 25

26
Step 3 – Compute W 16 – W 79 To Compute word W j (16<=j<=79) – W j-3, W j-8, W j-14, W j-16 are XORed – The result is circularly left shifted one bit CS 450/650 Lecture 8: Secure Hash Algorithm 26

27
Step 4 – Initialize A,B,C,D,E A = H 0 B = H 1 C = H 2 D = H 3 E = H 4 CS 450/650 Lecture 8: Secure Hash Algorithm 27

28
Initialize 32-bit words H 0 = 67452301 H 1 = EFCDAB89 H 2 = 98BADCFE H 3 = 10325476 H 4 = C3D2E1F0 K 0 – K 19 = 5A827999 K 20 – K 39 = 6ED9EBA1 K 40 – K 49 = 8F1BBCDC K 60 – K 79 = CA62C1D6 CS 450/650 Lecture 8: Secure Hash Algorithm 28

29
Step 5 – Loop For j = 0 … 79 TEMP = CircLeShift_5 (A) + f j (B,C,D) + E + W j + K j E = D; D = C; C = CircLeShift_30(B); B = A; A = TEMP Done + addition (ignore overflow) CS 450/650 Lecture 8: Secure Hash Algorithm 29

30
Four functions For j = 0 … 19 – f j (B,C,D) = (B AND C) OR ( B AND D) OR (C AND D) For j = 20 … 39 – f j (B,C,D) = (B XOR C XOR D) For j = 40 … 59 – f j (B,C,D) = (B AND C) OR ((NOT B) AND D) For j = 60 … 79 – f j (B,C,D) = (B XOR C XOR D) CS 450/650 Lecture 8: Secure Hash Algorithm 30

31
Step 6 – Final H 0 = H 0 + A H 1 = H 1 + B H 2 = H 2 + C H 3 = H 3 + D H 4 = H 4 + E CS 450/650 Lecture 8: Secure Hash Algorithm 31

32
Done Once these steps have been performed on each 512-bit block (B 1, B 2, …, B n ) of the padded message, – the 160-bit message digest is given by H 0 H 1 H 2 H 3 H 4 CS 450/650 Lecture 8: Secure Hash Algorithm 32

33
SHA Output size (bits) Internal state size (bits) Block size (bits) Max message size (bits) Word size (bits) RoundsOperations Collisions found SHA-0160 5122 64 − 13280 +, and, or, xor, rot Yes SHA-1160 5122 64 − 13280 +, and, or, xor, rot None (2 52 attack) SHA-2 256/2242565122 64 − 13264 +, and, or, xor, shr, rot None 512/38451210242 128 − 16480 +, and, or, xor, shr, rot None CS 450/650 Lecture 8: Secure Hash Algorithm 33

Similar presentations

© 2019 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google