Lecture 9
IDEA, RC5, RC2, Encryption key placement
IDEA
IDEA is patented in Europe & US; however, noncommercial use is freely permitted.
Used in the public domain PGP (with agreement).
Currently no attack against IDEA is known.
Seems secure against differential cryptanalysis and brute force.
The name IDEA is also a trademark. The patents expired in 2010-2011. Today, IDEA is licensed in all the countries where it is patented by MediaCrypt. IDEA was used in Pretty Good Privacy (PGP) v2.0.
3/18/2013 Department of ECE JNTUH 3
IDEA...
Encrypts 64-bit blocks using a 128-bit key.
PRINCIPLE: Based on mixing operations from different (incompatible) algebraic groups:
XOR, + mod 2^16, * mod (2^16 + 1)
Operates on 16-bit sub-blocks, with no permutations used.
The desired non-linearity is obtained from three operations (XOR, addition modulo 2^16, multiplication modulo 2^16 + 1) instead of S-boxes.
Easily implemented in both hardware and software.
IDEA
Initially, the 64-bit data is divided into 4 sub-blocks (x1, x2, x3, x4) of 16 bits each.
These sub-blocks together undergo 8 rounds (R1, R2, R3, R4, R5, R6, R7, R8) of transformation operations with the sub-keys.
The 128-bit key is divided into 8 sub-keys (K1, K2, K3, K4, K5, K6, K7, K8) of 16 bits each.
IDEA
Round transformation of each round:
1) Multiply x1 and the first sub-key: x1 * k1
2) Add x2 and the second sub-key: x2 + k2
3) Add x3 and the third sub-key: x3 + k3
4) Multiply x4 and the fourth sub-key: x4 * k4
5) XOR the results of steps 1 and 3
6) XOR the results of steps 2 and 4
7) Multiply the result of step 5 with the fifth sub-key
8) Add the results of steps 6 and 7
9) Multiply the result of step 8 with the sixth sub-key
10) Add the results of steps 7 and 9
11) XOR the results of steps 1 and 9, giving y1
12) XOR the results of steps 3 and 9, giving y2
13) XOR the results of steps 2 and 10, giving y3
14) XOR the results of steps 4 and 10, giving y4
15) The Y2 and Y3 sub-blocks are swapped.
Y1, Y2, Y3, Y4: end result of each round
IDEA
The last round doesn't have the swap step. Additionally, it has the following transformations:
Multiply Y1 and the 1st sub-key
Add Y2 and the 2nd sub-key
Add Y3 and the 3rd sub-key
Multiply Y4 and the 4th sub-key
IDEA
Sub-key Generation
Total needed: 52 = 6 × 8 + 4 sub-keys
The first 8 are taken directly from the key, in order.
Left shift of 25 bits, and then the next 8 sub-keys.
Each sub-key is a sub-block of the original key.
Decryption
Much more complicated.
It needs the inverses of the encryption key, for addition and multiplication respectively.
IDEA
Key Scheduling
128-bit key = 8 × 16-bit sub-keys
The first 6 sub-keys are used for the 1st round.
The remaining 2 sub-keys are used for the 2nd round.
The entire 128-bit key is rotated 25 steps to the left and again divided into 8 blocks (of 16 bits each).
The first 4 sub-keys are used for the remainder of the 2nd round.
The remaining 4 sub-keys are used for the 3rd round.
The entire 128-bit key is left shifted 25 bits and divided into 8 blocks.
This process iterates for all the rounds till the end.
For decryption, the sub-keys are reversed and are either the multiplicative or additive inverses of the corresponding encryption sub-keys.
IDEA
Decryption
The same code can perform either encryption or decryption, given different expanded keys.
Take the inverses of the encryption keys and use them in the opposite order (use the inverse of the last-used encryption key as the first key used when decrypting).
Since the last encryption round (an odd round) used keys K49, K50, K51, K52, the first decryption round uses the inverses of the keys K49-K52.
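The sub-key generation and decryption slides above, worked through as an added example (not code from the lecture). It assumes the standard IDEA convention that the all-zero 16-bit word stands for 2^16 in multiplication modulo 2^16 + 1; the function names and the sample key are chosen here for illustration.

```python
# Added example: IDEA sub-key generation and the inverses used for decryption.
MASK16 = 0xFFFF
MOD_MUL = 0x10001                      # 2^16 + 1
KEY_BITS = 128

def expand_key(key):
    """Return the 52 encryption sub-keys K1..K52 as 16-bit integers."""
    if len(key) != 16:
        raise ValueError("IDEA key must be 16 bytes (128 bits)")
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        # Cut the current 128-bit value into eight 16-bit sub-keys, left to right.
        subkeys += [(k >> (112 - 16 * i)) & MASK16 for i in range(8)]
        # Rotate the entire 128-bit key left by 25 bits for the next batch.
        k = ((k << 25) | (k >> (KEY_BITS - 25))) & ((1 << KEY_BITS) - 1)
    return subkeys[:52]                # 6 per round * 8 rounds + 4

def mul(a, b):
    """Multiplication mod 2^16 + 1; the all-zero word stands for 2^16."""
    return ((a or 0x10000) * (b or 0x10000)) % MOD_MUL & MASK16

def mul_inv(k):
    """Multiplicative inverse mod 2^16 + 1 (0 again means 2^16)."""
    return pow(k or 0x10000, -1, MOD_MUL) & MASK16

def add_inv(k):
    """Additive inverse mod 2^16."""
    return -k & MASK16

def first_decryption_subkeys(subkeys):
    """Inverses of K49..K52, which are the first keys used when decrypting."""
    k49, k50, k51, k52 = subkeys[48:52]
    return [mul_inv(k49), add_inv(k50), add_inv(k51), mul_inv(k52)]

# Sample 128-bit key chosen for this example: the words 0001 0002 ... 0008.
SAMPLE_KEY = bytes.fromhex("00010002000300040005000600070008")

if __name__ == "__main__":
    ks = expand_key(SAMPLE_KEY)
    for r in range(8):
        print("round", r + 1, " ".join(f"{x:04x}" for x in ks[6 * r:6 * r + 6]))
    print("final  ", " ".join(f"{x:04x}" for x in ks[48:]))
    print("dec 1  ", " ".join(f"{x:04x}" for x in first_decryption_subkeys(ks)))
```

Sub-key K41 of the sample key is the zero word, which shows why the 0 = 2^16 convention matters: without it that multiplicative sub-key would have no inverse.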
IDEA
Cryptanalysis:
Only 4 rounds of the cipher make it immune to differential cryptanalysis.
Joan Daemen, Rene Govaerts & Joos Vandewalle showed that the cipher has certain keys which can be easily discovered in a chosen-plaintext attack.
RC 5
Developed by R. Rivest
Suitable for hardware or software
Fast, simple
Variable number of rounds
Variable-length key
Low memory requirement
High security
Data-dependent rotations (circular bit shifts)
Adaptable to processors of different word length
A family of algorithms determined by word length, number of rounds, size of secret key
Primitive operations
Addition, XOR, left circular rotation
Stream Ciphers
Decryption requires use of the same pseudorandom sequence.
Ex:
Cipher text : 10100000
key stream  : 01101100 (XOR operation)
Plain text  : 11001100
One Time Pad uses a genuine random number generator, whereas a stream cipher uses a pseudorandom number stream.
Stream Ciphers
Encrypts plaintext one byte at a time. Can even operate on one bit at a time, or on units larger than 1 byte.
The pseudorandom number stream should be unpredictable without knowledge of the input key.
The PR generator output is called the key stream.
Ex:
Plain text  : 11001100
key stream  : 01101100 (XOR operation)
Cipher text : 10100000
RC4
Ron Rivest (of the famous RSA) is the inventor.
A long random string is called a one-time pad.
A stream cipher generates a one-time pad and applies it to a stream of plain text with XOR.
RC4 is a stream cipher designed by Ron Rivest.
End-to-end encryption
encryption occurs between original source and final destination
need devices at each end with shared keys
Placement of Encryption
Can place the encryption function at various layers in the OSI Reference Model:
link encryption occurs at layers 1 or 2
end-to-end encryption can occur at layers 3, 4, 6, 7
as we move higher, less information is encrypted, but it is more secure, though more complex, with more entities and keys
End-to-end encryption
The source encrypts and the receiver decrypts
Payload encrypted
Header in the clear
Key Distribution
1. A key could be selected by A and physically delivered to B.
2. A third party could select the key and physically deliver it to A and B.
3. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key.
4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B.
Key Distribution
Session key:
Data encrypted with a one-time session key. At the conclusion of the session the key is destroyed
Permanent key:
Used between entities for the purpose of distributing session keys
Key Distribution
Symmetric schemes require both parties to share a common secret key.
The issue is how to securely distribute this key.
Secure systems often fail due to a break in the key distribution scheme.
Key Distribution
Given parties A and B have various key distribution alternatives:
1. A can select a key and physically deliver it to B
2. a third party can select & deliver the key to A & B
3. if A & B have communicated previously, they can use the previous key to encrypt a new key
4. if A & B have secure communications with a third party C, C can relay the key between A & B
Random Numbers
many uses of random numbers in cryptography
nonces in authentication protocols to prevent replay
session keys
public key generation
keystream for a one-time pad
Private-Key Cryptography
traditional private/secret/single-key cryptography uses one key
shared by both sender and receiver
if this key is disclosed, communications are compromised
it is also symmetric: the parties are equal
hence it does not protect the sender from the receiver forging a message & claiming it was sent by the sender