Professional Documents
Culture Documents
5.1 Introduction
5.2 Symmetric Data Encryption with Private Key
5.2.1 Digital Encryption Standard
5.2.2 Triple DES Encryption
5.2.3 Advanced Encryption Standard
5.3 Public Key Encryption
5.3.1 RSA Encryption Scheme
5.3.2 Diffie-Hellman Key Exchange Algorithm
5.3.3 Combining RSA with DES
5.4 Public Key Certifying Authority
5.5 Digital Signature
E-Commerce and E- Governance
Lecture 4
SECURE MESSAGING
5.1 Introduction
3
4
5
6
5.2 SYMMETRIC DATA ENCRYPTION
WITH PRIVATE KEY
7
Cryptography
Basic idea: convert clear text (also called plain text
the original message) to ciphertext (the encrypted
message)
ciphertext = encrypt(plaintext, KE)
plaintext = decrypt(ciphertext, KC)
8
Some Basic Terminology
plaintext - original message
11
Symmetric Encryption
12
Public-Key Cryptography
probably most significant advance in the 3000 year
history of cryptography
uses two keys a public & a private key
asymmetric since parties are not equal
uses clever application of number theoretic concepts to
function
complements rather than replaces secret key
cryptography
13
Public-Key Cryptography
public-key/two-key/asymmetric cryptography involves the
use of two keys:
a public-key, which may be known by anybody, and can be
used to encrypt messages, and verify signatures
a private-key, known only to the recipient, used to decrypt
messages, and sign (create) signatures
is asymmetric because
those who encrypt messages or verify signatures cannot
decrypt messages or create signatures
14
Public-Key Cryptography
15
Modern Block Ciphers
Block ciphers are among the most widely
used types of cryptographic algorithms
provide secrecy and/or authentication services
in particular will introduce DES (Data
Encryption Standard)
16
Block vs Stream Ciphers
block ciphers process messages in blocks, each
of which is then en/decrypted
like a substitution on very big characters
64-bits or more
stream ciphers process messages a bit or byte
at a time when en/decrypting
many current ciphers are block ciphers
broader range of applications
17
18
19
Block Cipher
20
Block Cipher Principles
most symmetric block ciphers are based on a
Feistel Cipher Structure
needed since must be able to decrypt
ciphertext to recover messages efficiently
block ciphers look like an extremely large
substitution
would need table of 264 entries for a 64-bit
block
instead create from smaller building blocks
using idea of a product cipher
21
Claude Shannon and Substitution-
Permutation Ciphers
Claude Shannon introduced idea of
substitution-permutation (S-P) networks in
1949 paper
form basis of modern block ciphers
S-P nets are based on the two primitive
cryptographic operations seen before:
substitution (S-box)
permutation (P-box)
provide confusion & diffusion of message &
key
22
Confusion and Diffusion
cipher needs to completely obscure statistical
properties of original message
a one-time pad does this
more practically Shannon suggested combining S & P
elements to obtain:
diffusion dissipates statistical structure of plaintext
over bulk of ciphertext
confusion makes relationship between ciphertext
and key as complex as possible
23
Feistel Cipher Structure
Horst Feistel devised the feistel cipher
based on concept of invertible product cipher
partitions input block into two halves
process through multiple rounds which
perform a substitution on left data half
based on round function of right half & subkey
then have permutation swapping halves
implements Shannons S-P net concept
24
25
Feistel Cipher Structure
26
Feistel Cipher Structure
27
Feistel Cipher Decryption
28
5.2.1 Digital Encryption Standard
DES Encryption Overview
29
DES
30
DES Round Structure
uses two 32-bit L & R halves
as for any Feistel cipher can describe as:
Li = Ri1
Ri = Li1 F(Ri1, Ki)
F takes 32-bit R half and 48-bit subkey:
expands R to 48-bits using perm E
adds to subkey using XOR
passes through 8 S-boxes to get 32-bit result
finally permutes using 32-bit perm P
31
32
Initial Permutation IP
first step of the data computation
IP reorders the input data bits
even bits to LH half, odd bits to RH half
The values in each matrix identify where each
bit of the input message is mapped to in the
output message. For example, The matrix for
IP shows that the 58th bit from the input gets
mapped to the first bit of the output; the 50th of
the input maps to the second of the output, and
so on. 33
S-Boxes
The resulting 48 bits are XORed with key.
This 48 bit result passes through a substitution function
comprising 8 S-boxes.
Which each map 6 input bits to 4 output bits.
34
DES Round Structure
35
DES Key Schedule
The 64 bit key input is first processed by permuted choice
One.
The resulting 56-bit key is then treated as two 28-bit
quantities C and D.
In each round forms subkeys
rotating each half separately either 1 or 2 places depending
on the key rotation schedule K
selecting 24-bits from each half & permuting them by
PC2 for use in round function F
note practical use issues in h/w vs s/w
36
DES Decryption
decrypt must unwind steps of data computation
with Feistel design, do encryption steps again using subkeys
in reverse order (SK16 SK1)
IP undoes final FP step of encryption
1st round with SK16 undoes 16th encrypt round
.
16th round with SK1 undoes 1st encrypt round
then final FP undoes initial encryption IP
thus recovering original data value
37
Possible Techniques for Improving
DES
38
Double DES?
Using two encryption stages and two keys
C=Ek2(Ek1(P))
P=Dk1(Dk2(C))
It is proved that there is no key k3 such that
C=Ek2(Ek1(P))=Ek3(P)
But Meet-in-the-middle attack
39
Meet-in-the-Middle Attack
Assume C=Ek2(Ek1(P))
Given the plaintext P and ciphertext C
Encrypt P using all possible keys k1
Decrypt C using all possible keys k2
Check the result with the encrypted plaintext lists
If found match, they test the found keys again for
another plaintext and ciphertext pair
If it turns correct, then find the keys
Otherwise keep decrypting C
40
Triple DES
DES variant
Standardized in ANSI X9.17 & ISO 8732 and
in PEM for key management
Proposed for general EFT standard by ANSI
X9
Backwards compatible with many DES
schemes
Uses 2 or 3 keys
Cryptography and Network Security
41
3DES
42
Cont.
No known practical attacks
Brute force search impossible (very hard)
Meet-in-the-middle attacks need 256
Plaintext-Ciphertext pairs per key
Popular current alternative
11 22 33 44
55 66 77 88
99 00 AA BB
CC DD EE FF
AES Key
or 192 bits (6 words) or 256 bits (8 words)
1122334455667788 1122334455667788
9900AABBCCDDEEFF 9900AABBCCDDEEFF
1122334455667788 1122334455667788
9900AABBCCDDEEFF
11 22 33 44 11 22 33 44
55 66 77 88
55 66 77 88
99 00 AA BB
99 00 AA BB CC DD EE FF
CC DD EE FF 11 22 33 44
11 22 33 44 55 66 77 88
55 66 77 88 99 00 AA BB
CC DD EE FF
Byte Substitution
a simple substitution of each byte
uses one table of 16x16 bytes containing a
permutation of all 256 8-bit values
each byte of state is replaced by byte indexed by row
(left 4-bits) & column (right 4-bits)
eg. byte {95} is replaced by byte in row 9 column 5
which has value {2A}
designed to be resistant to all known attacks
Byte Substitution
Shift Rows
a circular byte shift in each each
1st row is unchanged
2nd row does 1 byte circular shift to left
3rd row does 2 byte circular shift to left
4th row does 3 byte circular shift to left
decrypt inverts using shifts to right
since state is processed by columns, this step
permutes bytes between the columns
Mix Columns
each column is processed separately
each byte is replaced by a value dependent on all 4 bytes
in the column
effectively a matrix multiplication in GF(28) using prime
poly m(x) =x8+x4+x3+x+1
Mix Columns
AES Round
THANKS
65
65