Symmetric encryption: Block ciphers
CRYPTOGRAPHY AND COMPUTER SECURITY
Symmetric encryption: Block ciphers
Ana I. González-Tablas Ferreres
José M. de Fuentes García-Romero de Tejada
Lorena González Manzano
Sergio Pastrana Portillo
OUTLINE
• 5. Symmetric encryption: Block ciphers
– Modern encryption
– Block ciphers
• Introduction
• Feistel scheme
• Operation modes
• Block ciphers: advantages and disadvantages
• DES
• AES
Modern encryption
• Classification
– Type of operations
• In general, substitutions and transpositions
– According to the key used:
• Symmetric (Secret key)
• Asymmetric (Public key)
– According to the number of symbols encrypted at a time
• Stream (1 symbol or a few)
• Block (a set of symbols at a time)
Modern encryption
[Figure: classification of modern ciphers. Labels: stream ciphers, block ciphers; public key or asymmetric; secret key or symmetric]
Modern encryption
Symmetric encryption (secret key)
[Figure: Sender -> Encryption -> cryptogram over an insecure channel -> Decryption -> Receiver; the key k is used at both ends and is sent over a secure channel]
$C = E(k, M) = E_k(M)$
$M = D(k, C) = D_k(C)$
Modern encryption
Asymmetric encryption
[Figure: Sender -> Encryption with ku (public) -> cryptogram over an insecure channel -> Decryption with kv (private) -> Receiver]
$C = E(k_u, M) = E_{k_u}(M)$
$M = D(k_v, C) = D_{k_v}(C)$
Block ciphers. Introduction
• M is divided into blocks of equal length:
$M_1, M_2, \dots, M_n$
• Each block is encrypted with the same key
$C = E_k(M) = E_k(M_1)\,E_k(M_2) \dots E_k(M_n)$
• Typical block sizes 64, 128 or 256 bits
• Reversible mapping between M and C blocks
Block ciphers. Introduction
• Substitution of very long “characters”
– 64 bits or more
• Ideal block cipher
– n: block size. E.g.: 64
– Substitution tables (mapping) of $2^n$ bits
– $2^n!$ possible keys (matches $C_i$)
– Not practical
• Substitution table is the key, length = $n \cdot 2^n$ bits
• For $n = 64$ -> key length $10^{21}$ bits approx.
Block ciphers. Introduction
| Algorithm | Block size (bits) | Key size (bits) | Rounds |
|---|---|---|---|
| Lucifer | 128 | 128 | 16 |
| DES | 64 | 56 | 16 |
| Twofish | 128 | variable | variable |
| RC2 | 64 | variable | 18 |
| RC5 | variable | variable | variable |
| SAFER | 64 | 64 | 8 |
| IDEA | 64 | 128 | 8 |
| Skipjack | 64 | 80 | 32 |
| RIJNDAEL | 128 | 128 or more | flexible |
Block ciphers. Feistel scheme
• Block cipher (Feistel 1975)
– Confine to a subset of the $2^n!$ possible keys
• n: block text size
• k: key size
• $2^k$ possible keys
– Product cipher
• Substitution (S-box)
• Permutation (P-box)
– Practical application of Shannon’s proposal (1949)
• High diffusion
• High confusion
Block ciphers. Feistel scheme
• Methods to thwart cryptanalysis
– Diffusion
• statistical structure of M is dissipated in C
• each C bit is affected by many M bits
• achieved by performing some permutation on $M_i$ followed by applying a function to that permutation
– Confusion
• seeks to make the statistical relationship between C and k as complex as possible
• achieved by the use of a complex substitution algorithm
Block ciphers. Feistel scheme
[Figure: Feistel encryption scheme. Author: Nibumbum, https://commons.wikimedia.org/wiki/File:Feistel_encryption.png]
Block ciphers. Feistel scheme
• Divide the block into two halves $L_0$ and $R_0$
• Substitute the left half
– Apply a round function F (non-linear) to the right half of the data and then XOR the output and the left half
• F is a function of the right half and the round subkey $k_i$
• Permute the two halves
• Repeat it n rounds
Block ciphers. Feistel scheme
• Same circuit to encrypt and decrypt
– Just use the subkeys in reverse order
– A final permutation is needed (fig. slide 15)
• $L_{n+1} = R_n$
• $R_{n+1} = L_n$
• In practice the design problem is reduced to:
– Develop a good subkey generation algorithm
– Develop a good round function F
• Many block ciphers follow the Feistel scheme, but not all
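The Feistel steps above as a small runnable sketch. It is an added example, not code from the slides; the SHA-256 subkey derivation and the HMAC-based round function F are assumptions chosen for brevity and do not make a vetted cipher. It shows that a non-invertible F still yields an invertible block mapping, that decryption is the same circuit with the subkeys reversed, and why one round gives almost no diffusion.

```python
import hashlib
import hmac

BLOCK_BYTES = 8   # 64-bit block, split into two 32-bit halves L0 and R0
ROUNDS = 16       # the "typical value" quoted in the slides


def subkeys(master_key: bytes, rounds: int = ROUNDS) -> list:
    """Toy subkey generation (assumption): k_i = SHA-256(master_key || i)."""
    return [hashlib.sha256(master_key + bytes([i])).digest() for i in range(rounds)]


def round_function(right: bytes, subkey: bytes) -> bytes:
    """F(R, k_i): non-linear and NOT invertible (HMAC-SHA256 cut to a half block)."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[: len(right)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, keys: list) -> bytes:
    """One circuit for both directions; only the order of `keys` differs."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    half = BLOCK_BYTES // 2
    left, right = block[:half], block[half:]
    for k in keys:
        # Substitute the left half (L XOR F(R, k_i)), then permute the halves.
        left, right = right, xor(left, round_function(right, k))
    # Final permutation: L_{n+1} = R_n, R_{n+1} = L_n.
    return right + left


def encrypt_block(block: bytes, master_key: bytes, rounds: int = ROUNDS) -> bytes:
    return feistel(block, subkeys(master_key, rounds))


def decrypt_block(block: bytes, master_key: bytes, rounds: int = ROUNDS) -> bytes:
    return feistel(block, subkeys(master_key, rounds)[::-1])


def avalanche(block: bytes, master_key: bytes, bit: int, rounds: int) -> int:
    """Number of ciphertext bits that change when one plaintext bit is flipped."""
    flipped = bytearray(block)
    flipped[bit // 8] ^= 0x80 >> (bit % 8)
    a = encrypt_block(block, master_key, rounds)
    b = encrypt_block(bytes(flipped), master_key, rounds)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    key = b"constructed demo key"   # constructed sample input
    pt = b"8bytes!!"
    ct = encrypt_block(pt, key)
    print("ciphertext:", ct.hex())
    print("round trip ok:", decrypt_block(ct, key) == pt)
    print("bits changed, 1 round  :", avalanche(pt, key, 0, 1))
    print("bits changed, 16 rounds:", avalanche(pt, key, 0, 16))
```

With a single round, flipping a bit of the left half changes exactly one output bit, which is why the number of rounds appears among the design parameters.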
Block ciphers. Feistel scheme
• Block size
– Larger size, greater security, lower speed
– 64 or more
• Key size
– Larger size, greater security, lower speed
– 128 or more
• Number of rounds
– Higher number, greater security, lower speed
– Typical value 16
• Subkey generation algorithm and round function F
– Greater complexity, greater resistance to cryptanalysis
Block ciphers. Operation modes
• Technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application
• Intended for use with any symmetric block cipher
• Five modes defined by NIST (SP 800-38A)
– Electronic Code Book (ECB)
– Cipher Block Chaining (CBC)
– Cipher Feedback (CFB)
– Output Feedback (OFB)
– Counter Mode (CTR) (recommended)
Block ciphers. Electronic Code Book mode (ECB)
• Advantages:
– Block encryption and decryption can be executed in parallel
– Ideal for a short amount of data
– e.g. symmetric key
– Bit errors in transmission do not propagate
• Disadvantages:
– Repeated plaintext blocks produce repeated ciphertext blocks
– It is possible to modify the order of the blocks or eliminate them
– Padding of the last block is necessary
– E.g.: add zero bytes and a last byte reporting #padding_bytes
Block ciphers. Electronic Code Book mode (ECB)
• IV confidential to parties (integrity reasons)
Block ciphers. Cipher Block Chaining mode (CBC)
• A bit error in transmission affects two $M_i$
• Padding needed
Block ciphers. Cipher Feedback mode (CFB)
• Uses a shift register
• Plaintext is divided in segments (smaller than blocks)
• A bit error in transmission affects two $M_i$
• Converts a block cipher into a stream cipher
– But keystream depends on the plaintext
Block ciphers. Output Feedback mode (OFB)
• IV must be a nonce
• Bit errors in transmission do not propagate
• A bit error affects just a single bit of an $M_i$
• Does not need padding
• Remaining bits of the last output block are discarded
• Converts a block cipher into a stream cipher
– Keystream does not depend on the plaintext
– Works over blocks not over segments
Block ciphers. Counter mode (CTR)
• Uses a counter of the size of a block (n)
• Incremented by 1 mod $2^n$ across consecutive blocks
• Remaining bits of the last output block are discarded
• Converts a block cipher into a stream cipher
– Keystream does not depend on the plaintext
– Works over blocks not over segments
• Simplicity and random access
• A bit error in transmission does not propagate
• It only affects a single bit of a block
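The error-propagation and padding claims for CFB, OFB and CTR can be checked directly. This is an added example, not code from the slides: `E` is a stand-in for the block cipher's encryption direction (HMAC-SHA256 cut to 16 bytes, an assumption), which is enough because these three modes never call the decryption direction; CFB is shown with the segment size equal to the block size. The last two helpers contrast ECB's repeated blocks with CTR.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes (n = 128 bits)


def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k (assumption): HMAC-SHA256 truncated to one block."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so the unused bits of the last
    # keystream block are discarded and no padding is needed.
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ctr(key: bytes, counter0: int, data: bytes) -> bytes:
    """Encrypts and decrypts: block i is XORed with E_k(counter0 + i mod 2^n)."""
    out = b""
    for i, chunk in enumerate(blocks(data)):
        counter = (counter0 + i) % (1 << (8 * BLOCK))
        out += xor(chunk, E(key, counter.to_bytes(BLOCK, "big")))
    return out


def ofb(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypts and decrypts: the keystream is E_k applied repeatedly to the IV."""
    out, feedback = b"", iv
    for chunk in blocks(data):
        feedback = E(key, feedback)
        out += xor(chunk, feedback)
    return out


def cfb_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = b"", iv
    for chunk in blocks(data):
        prev = xor(chunk, E(key, prev))   # keystream depends on earlier ciphertext
        out += prev
    return out


def cfb_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = b"", iv
    for chunk in blocks(data):
        out += xor(chunk, E(key, prev))
        prev = chunk
    return out


def bit_error_damage(decrypt, ciphertext: bytes, plaintext: bytes, bit: int) -> dict:
    """Flip one ciphertext bit; return {block index: damaged plaintext bits}."""
    corrupted = bytearray(ciphertext)
    corrupted[bit // 8] ^= 0x80 >> (bit % 8)
    recovered = decrypt(bytes(corrupted))
    damage = {}
    for i, (p, r) in enumerate(zip(blocks(plaintext), blocks(recovered))):
        flipped = sum(bin(a ^ b).count("1") for a, b in zip(p, r))
        if flipped:
            damage[i] = flipped
    return damage


def ecb_encrypt_only(key: bytes, data: bytes) -> bytes:
    """ECB, encryption direction only: every block goes through E_k on its own."""
    return b"".join(E(key, b) for b in blocks(data))


def has_repeated_blocks(ciphertext: bytes) -> bool:
    bl = blocks(ciphertext)
    return len(set(bl)) < len(bl)


if __name__ == "__main__":
    key, iv, counter0 = b"constructed key", bytes(range(16)), 1 << 64
    pt = b"A" * 16 + b"B" * 16 + b"A" * 16 + b"tail"   # constructed, 52 bytes
    bit = 16 * 8 + 3                                   # a bit inside block 1
    print("CTR:", bit_error_damage(lambda c: ctr(key, counter0, c), ctr(key, counter0, pt), pt, bit))
    print("OFB:", bit_error_damage(lambda c: ofb(key, iv, c), ofb(key, iv, pt), pt, bit))
    print("CFB:", bit_error_damage(lambda c: cfb_decrypt(key, iv, c), cfb_encrypt(key, iv, pt), pt, bit))
    print("ECB repeats:", has_repeated_blocks(ecb_encrypt_only(key, pt[:48])))
    print("CTR repeats:", has_repeated_blocks(ctr(key, counter0, pt)[:48]))
```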
Block ciphers. Advantages and disadvantages
• Use: confidentiality
• Advantages:
– High diffusion and confusion
– Simple implementation
– Symmetry
• Similar encryption and decryption processes
• Same circuits to encrypt and decrypt (not always, e.g. AES)
– Efficiency
• Fast process
• Disadvantages:
– Secure channel is required (key distribution)
– Management of a high number of keys
– Effectiveness
• Slower than stream ciphers, the whole block should be read
• If M length is not a multiple of the block size, C length is bigger
– Security and robustness
• Error propagation
• Vulnerable to attacks if blocks are repeated
– Padding gives clues to cryptanalysts
Block ciphers. Data Encryption Standard (DES)
• 1971 LUCIFER: IBM research project finishes (Feistel)
– Key size: 128 bits
• 1974: NBS (now NIST) request for proposals for a national cipher standard
• 1976: A modified version of LUCIFER wins
– Key size reduced to 56 in order to fit on a single chip
– NSA changed the S-boxes
• 1977: DES standard for commercial, bank and unclassified communications
• 1983, 1988, 1993: NIST reaffirmed DES as a standard
– Criticism
– Key length
– Obscure design
• Suspicions of the National Security Agency (NSA)
Block ciphers. Data Encryption Standard (DES)
• 1990: Differential cryptanalysis (Biham and Shamir)
– $2^{47}$ chosen plaintexts needed. Effort of $2^{47}$ encryptions
– Lucifer was vulnerable but DES is not
• 1993: Linear cryptanalysis (Matsui)
– $2^{43}$ known plaintexts needed
• 1998: DES Cracker by the Electronic Frontier Foundation
– 56 hours
– Using 1536 dedicated chips
– $250K, less than a year to build it
• 1999: DES Cracker version 2
– 22 hours
– Combines 100K PCs
• 1999: Triple DES as new standard
– DES just for legacy systems
• 2001: new contest and new standard -> AES (Advanced Encryption Standard)
DES: Encryption and decryption scheme
• Key: 64 bits (8 parity bits)
• Block size: 64 bits
• Rounds: 16
– Last one needs one additional permutation (*)
• Internal keys:
– 16 48-bit keys
• Mathematical basis:
– substitutions
• linear
• non-linear
– permutations
[Figure: DES encryption and decryption scheme. Both paths: INPUT (64 bits) -> INITIAL PERMUTATION (IP) -> ROUNDS -> INVERSE INITIAL PERMUTATION (IP-1) -> OUTPUT (64 bits). Encryption runs rounds C1 to C*16, decryption runs rounds C16 to C*1. KEY (56 useful bits) -> KEY EXPANSION (K1 … K16)]
OUTLINE
• (…)
– Data Encryption Standard (DES)
• Encryption
• Key expansion
• Decryption
• Triple DES
• Security
– AES
– (…)
DES: Algorithm description
Cleartext
1. Select block M to be encrypted
2. Place the 64 bits of the cleartext as follows
DES: “Situational map”
[Figure: the DES encryption and decryption scheme, with initial permutation (IP), rounds, inverse initial permutation (IP-1) and key expansion (K1 … K16), used as a map of the current step]
DES: Algorithm description
From cleartext to initial permutation
3. Initial Permutation, IP
DES: Algorithm description
Operation before the initial round
4. Computation of left and right sub halves, L0 and R0, of 32 bits each
DES: Round scheme
DES: Expansion (E) Box
• From 32 bits to 48 bits
DES: S boxes
• 8 matrices $S_1, S_2, \dots, S_8$, where each $S_i$ receives a 6-bit input $b_0, b_1, \dots, b_5$
• The decimal value of the bit pair $b_0 b_5$ selects a row in matrix $S_i$
• The decimal value of bits $b_1 b_2 b_3 b_4$ selects a column in $S_i$
• The output in decimal is the value in the matrix given by the previously computed (row, column). Its 4-bit binary value is the output
• E.g.: $S_1$ and input = 110011 -> row 3 (11) and column 9 (1001), with a decimal output of 11, which corresponds to the binary string 1011

| Row \ Column | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 14 | 4 | 13 | 1 | 2 | 15 | 11 | 8 | 3 | 10 | 6 | 12 | 5 | 9 | 0 | 7 |
| 1 | 0 | 15 | 7 | 4 | 14 | 2 | 13 | 1 | 10 | 6 | 12 | 11 | 9 | 5 | 3 | 8 |
| 2 | 4 | 1 | 14 | 8 | 13 | 6 | 2 | 11 | 15 | 12 | 9 | 7 | 3 | 10 | 5 | 0 |
| 3 | 15 | 12 | 8 | 2 | 4 | 9 | 1 | 7 | 5 | 11 | 3 | 14 | 10 | 0 | 6 | 13 |
DES: Permutation (P) Box
• From 32 bits to 32 bits
DES: Generation of internal keys
[Figure: generation of the internal keys for Round 1, Round 2, (…), Round 16]
1. Permutation of the key PC-1 => 56 bits.
2. Divide the block into two blocks of 28 bits.
3. i = 1
4. Left shift of each block (1 or 2 bits depending on the round)
5. Internal key $K_i$ generation
5.1. Concatenation of the 2 blocks => 56 bits
5.2. Permutation PC-2 => 48 bits = internal key $K_i$
5.3. i = i + 1
5.4. Go back to 4 while i <= 16
6. Result: 16 internal keys, 48 bits each
7. In the encryption process K1-K16 (in the decryption, the inverse order K16-K1)
DES: Permutation PC-1
• From 64 bits to 56 bits
DES: Permutation PC-1
• Division into two halves, $C_0$ and $D_0$
[Figure: Block C0 and Block D0]
64
![Page 65: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/65.jpg)
Ana I. González-Tablas Ferreres, José M. de Fuentes García-Romero de Tejada, Lorena González Manzano, Sergio Pastrana Portillo
DES: “Situational map” – internal keys
![Page 66: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/66.jpg)
DES: Shift
• Left circular shift within each of the halves
![Page 67: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/67.jpg)
DES: “Situational map” – internal keys
![Page 68: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/68.jpg)
DES: Permutation PC-2
• From 56 bits to 48 bits
![Page 69: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/69.jpg)
DES: “Situational map” – internal keys
![Page 70: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/70.jpg)
OUTLINE
• (…)
– Data Encryption Standard (DES)
• Encryption
• Key expansion
• Decryption
• Triple DES
• Security
– AES
– (…)
![Page 71: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/71.jpg)
DES: “Situational map”
[Diagram: DES encryption and decryption side by side. Each side: INPUT [M] (64 bits) → INITIAL PERMUTATION (IP) → ROUNDS → INVERSE INITIAL PERMUTATION (IP-1) → OUTPUT [M] (64 bits). Encryption runs the rounds from 1 to 16, decryption from 16 to 1. KEY (56 useful bits) → KEY EXPANSION (K1 … K16).]
![Page 72: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/72.jpg)
DES: Decryption
• Same algorithm but with 2 changes
– Internal keys used in inverse order
• The key expansion algorithm is the same, but it should be computed “going up” instead of “going down”
– After PC-1: C0=C16 and D0=D16
– Shifts applied to Ci and Di should be “right shifts”
![Page 74: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/74.jpg)
Triple DES (TDES)
• 3DES with 2 keys => 112-bit key
– C = E(k1, D(k2, E(k1,M)))
– Compatibility with single DES if k1=k2
• 3DES with 3 keys => 112-bit key
– C = E(k3, D(k2, E(k1,M)))
• Cost of the meet-in-the-middle attack: 2^112
![Page 76: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/76.jpg)
Security
• Attacks on DES
– Brute force
• Broken in less than one day
http://www.sciengines.com/company/news-a-events/74-des-in-1-day.html
– Differential cryptanalysis (Biham and Shamir)
• 2^47 chosen plaintexts needed. Effort of 2^47 encryptions
• Lucifer was vulnerable but DES is not
– Linear cryptanalysis (Matsui)
• 2^43 known plaintexts needed
• Attack on Triple DES
– Meet-in-the-middle attack
• Reduces the effort to an order of 2^56
![Page 78: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/78.jpg)
Advanced Encryption Standard (AES)
• Advanced Encryption Standard
• Standard for symmetric encryption (block cipher)
• NIST contest to replace DES
– Government communications
– Bank transfers
– Electronic commerce
– Etc.
![Page 79: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/79.jpg)
Advanced Encryption Standard (AES)
• At least as secure as 3DES but faster in SW
• Symmetric block cipher
• Block size: 128 bits (16 bytes)
• Key sizes: 128, 192, 256 bits
![Page 80: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/80.jpg)
AES: Evaluation criteria
Features
• Flexibility
– Able to manage different block and key sizes
• Simplicity
Cost
• No royalties
• Efficiency – both in HW and SW
• Memory requirements
Security
• Compared to the other proposals
• Output indistinguishable from a random permutation
• Sound mathematical foundations
• Resistance against known cryptanalytic attacks
![Page 81: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/81.jpg)
AES: Winner features
• Operates on blocks of 16 bytes (128 bits)
• Accepts 3 key sizes: 128, 192, 256 bits
• Substitution-permutation network (not a Feistel network)
• Fast in SW and HW, easy to implement and low memory requirements
• Based on 4 reversible functions, applied over n rounds
• State matrix evolution
![Page 82: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/82.jpg)
AES scheme
• Encryption functions (from the top to the bottom):
- AddRoundKey
- ByteSub
- ShiftRow
- MixColumns
• Decryption functions (from the bottom to the top):
- InvAddRoundKey
- InvByteSub
- InvShiftRow
- InvMixColumns
Author: Enrique Zabala http://www.formaestudio.com/rijndaelinspector/
![Page 83: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/83.jpg)
AES: key bytes and states
• Key bytes and state bytes are placed in rectangular arrays
Key sizes: 16, 24 or 32 bytes
Variable block size: 16, 24 or 32 bytes
AES: 16 bytes
![Page 84: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/84.jpg)
Rijndael algorithm
```
Rijndael(State, Key) {
    KeyExpansion(Key, ExpandedKey);
    AddRoundKey(State, ExpandedKey);
    for (i = 1; i < 10; i++)
        Round(State, ExpandedKey + 4*i);   /* round key i: 4 words per round */
    FinalRound(State, ExpandedKey + 4*10);
}
Round(State, RoundKey) {
    ByteSub(State);
    ShiftRow(State);
    MixColumn(State);
    AddRoundKey(State, RoundKey);
}
```
State -- array of 4 words (of 32 bits)
No. of Rounds -- 9 rounds
KeyExpansion -- XOR of the keywords, S-box lookups, rotation of bytes intra-word
AddRoundKey -- bitwise XOR with the keywords
FinalRound -- similar to a Round but without MixColumn
![Page 85: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/85.jpg)
AES: Operation with bytes
• Additions and multiplications: Galois field GF(2^8) with 8 bits
• The following polynomial is used:
![Page 86: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/86.jpg)
AES: SubByte function
![Page 87: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/87.jpg)
AES: SubByte table
• The inverse of the input can also be computed through this table
• 5a => be
![Page 88: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/88.jpg)
AES: SubByte example
• Calculation of SubByte(5a)
• Once operations are performed, the result is: 1011 1110 = be (the same as using the table)
![Page 89: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/89.jpg)
AES: Shiftrows function
• Row 0 => no shift
• Row 1 => Shift 1 byte
• Row 2 => Shift 2 bytes
• Row 3 => Shift 3 bytes
![Page 90: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/90.jpg)
AES: Mixcolumns function
• We work in GF(2^8). Polynomial
• Remember: {03} = x + 1, {02} = x, {01} = 1.
• Operations over each column:
![Page 91: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/91.jpg)
AES: Mixcolumns example
• We assume this is the intermediate state
• The first byte of the state matrix (S’0,0) is:
![Page 92: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/92.jpg)
AES: Mixcolumns example
• The first byte of the state matrix (S’0,0) is:
Then: S’0,0 = 25
Similar calculations are computed until byte S’4,4
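The byte-level operations behind the SubByte, ShiftRows and MixColumns slides can be reproduced in a few lines. This is an added example, not code from the slides: the reduction polynomial x^8 + x^4 + x^3 + x + 1 and the affine constant 0x63 are taken from the AES specification (FIPS 197), and the function names are assumptions made for illustration.

```python
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a          # addition in GF(2^8) is XOR
        a <<= 1             # multiply a by x
        if a & 0x100:
            a ^= 0x11B      # reduce when the degree reaches 8
        b >>= 1
    return r

def gf_inv(a):
    """Multiplicative inverse in GF(2^8); 0 maps to 0 by convention."""
    return 0 if a == 0 else next(x for x in range(1, 256) if gf_mul(a, x) == 1)

def sub_byte(a):
    """S-box value: field inverse followed by the AES affine transformation."""
    x = gf_inv(a)
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return x ^ rot(x, 1) ^ rot(x, 2) ^ rot(x, 3) ^ rot(x, 4) ^ 0x63

def shift_rows(state):
    """Row r of the 4x4 state (given as 4 rows) is rotated left by r bytes."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def mix_column(col):
    """One column times the MixColumns matrix (first row 02 03 01 01)."""
    return [gf_mul(2, col[r]) ^ gf_mul(3, col[(r + 1) % 4])
            ^ col[(r + 2) % 4] ^ col[(r + 3) % 4] for r in range(4)]

def mix_columns(state):
    """Apply mix_column to every column of a state given as 4 rows."""
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]

# Constructed sample column (not the intermediate state shown on the slide).
SAMPLE_COLUMN = [0xDB, 0x13, 0x53, 0x45]
```

Calling `sub_byte(0x5A)` reproduces the slide's 5a => be result without a lookup table.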
![Page 93: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/93.jpg)
AES: AddRoundKey function
AddRoundKey, XOR between the State and the round subkey.
Goal – round function does not depend on the key
![Page 94: Symmetric encryption: Block ciphers](https://reader030.fdocuments.co/reader030/viewer/2022012023/6169cf4411a7b741a34b9c0d/html5/thumbnails/94.jpg)
CRYPTOGRAPHY AND COMPUTER SECURITY