Serious Cryptography 4

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

S-boxes

"substitution boxes", small lookup tables that transform chunks of 4 or 8 bits. Be as nonlinear as possible, and have no statistical bias.

Block Cipher

A cipher that manipulates an entire block of plaintext at one time. Consists of an encryption algorithm and a decryption algorithm.

Triple DES (3DES)

A more-secure variant of DES that repeatedly encodes the message using three separate DES keys. 112 bit security, but the key must be 168 bits long, and it's slow in software. DES encrypts, then decrypts, then encrypts again, using a separate key for each stage. Vulnerable to Meet-in-the-Middle attacks.

A Nonce

A number used only once. Same for all blocks in a message, but no 2 messages should use the same nonce. Needs to be unique for the same reason a one-time pad shouldn't be reused. Doesn't need to be random, like an initial value in CBC, only unique.

Advanced Encryption Standard (AES)

A symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES. Developed in Belgium. Most used cipher in the Universe. NSA approved for top-secret info. Result of a NIST "Got Talent" competition 1997-2000. Used to be "Rijndael" for Rijmen and Daemen.

Data Encryption Standard (DES)

An older type of block cipher selected by the United States federal government back in the 1970s as its encryption standard; due to its weak key, it is now considered deprecated. 56 bit security.

Security Goals

Attackers shouldn't be able to find any pattern in the values. Impossible for to tell a block cipher from a random permutation. Should be unable to recover the secret key.

AES Internals

Blocks of 128 bits, usually with a 128 bit key being most common. Manipulates bytes. Views a 16-byte plaintext as a 2-dimensional array (state) of bytes. AES transforms the bytes, columns, rows of the array to produce ciphertext.

Other Block Ciphers

CAST-256, CRYPTON, DEAL, DFC, E2, FROG, HPC, LOKI97, Magenta, MARS, RC6, SAFER+, Serpent, Twofish. NSA designs: Skipjack, SIMON, SPECK. Lightweight: KATAN, PRESENT, PRINCE.

GOST 28147-89

Developed by the KGB, kept secret until 1990 and still used.

AES round - 4 building blocks

Each round consists of: 1-SubBytes, replaces each bytes with another byte according to an s-box (substitution layer) 2-ShiftRows, shifts the ith row of i positions, for i ranging from 0-3 (permutation layer) 3- MixColumns, Applies the same linear transformation to each of the 4 columns of the state (permutation layer) 4- AddRoundKey, XORs a round key to the internal state MixColumns doesn't exist in the last round because it's linear and too predictable.

Decryption algorithm

Essentially the encryption algorithm run in reverse. Takes the ciphertext and the same secret key and produce the original text.

Feistel Scheme

Horst Feistel in the 70s designed block cipher "Lucifer": 1- split the 64 bit block into 2 halves, L and R 2- Set L to a "substitution-permutation round" 3- Swap the values of L and R 4- Repeat step 2, 15 times 5- Merge L and R again to form the 64 bit output block The rounds can be psuedorandom permutations (PRP), yielding very distinct outputs from inputs or pseudorandom functions (PRF), yielding only values X and Y. DES performs 16 rounds, GOST performs 32 rounds. Only 4 rounds is sufficient in theory.

Rounds

In a block cipher, a round is a basic transformation that is simple to specify and implement, iterated several times to form the algorithm. Simpler to implement and analyze than a huge algorithm.

Substitution-Permutation Networks (SPNs)

In a block cipher, confusion and diffusion take the form of substitution and permutation operations, which are combined here. Substitution appears in the form of s-boxes. Permutation is changing the order of the bits, sometimes using linear algebra or matrix multiplications to mix up the bits, like the block cipher FOX.

Electronic Codebook (ECB) Mode

Insecure, should never be used. Just changes the colors of the penguin. Identical ciphertext blocks reveal identical plaintext blocks. Only takes complete blocks of data, so if it were 16 bytes, it encrypts in 16 byte increments.

Cipher Block Chaining (CBC) Mode

Like ECB, but CBC mode makes each ciphertext block dependent on all the previous blocks, and ensures that identical plaintext blocks won't be identical ciphertext blocks. "Random initial value" guarantees that 2 same plaintexts will become different ciphertexts. Decryption is a lot faster due to parallelism and the initial value is sent with the ciphertext, in the clear. Encryption always has to wait for the previous block's ciphertext.

Meet-in-the-middle attack

Makes double DES attacks only as secure as DES attacks. The reason they created triple DES (3DES). Also the reason why 3DES gets only 112-bit security despite having 168-bits of key material.

Ciphertext stealing

More complex and less common than padding. 1- Plaintexts can be any bit length, not just bytes. 2- Ciphertexts are always the same length as Plaintexts. 3- not vulnerable to padding oracle attacks. In CBC mode, it extends the last incomplete plaintext block with bits from the previous ciphertext block, then encrypts the entire block. The last ciphertext block is made up of the first bits of the previous ciphertext block. Inelegant, and hard to get right.

Block Size

Security depends on the block size and the key size. 64 bit or 128 bit blocks. DES is 64 bits and AES is 128 bits. Can't be too large to minimize the length of ciphertext and memory footprint.

Padding Oracle Attack

Simple and devastating attack. System behaves differently depending on whether the padding of a CBC encrypted ciphertext is valid. Returns either a "success" or "error" value. The padding oracle sends error messages when it receives a malformed ciphertext. The padding oracle attack is recording which inputs have valid padding and which inputs don't. Attackers can exploit the info to decrypt chosen ciphertext as a CCA.

AES KeyExpansion

The AES key schedule algorithm. Creates 11 round keys of 16 bytes each using the same s-box as SubBytes and a combination of XORs. By reversing the algorithm, an attacker can determine all other round keys, as well as the main key. Imperfect defense vs side-channel attacks, where attackers can recover a round key.

AES Secure?

Yes, will never be broken. No proof that it's immune to all types of attacks. Biggest threat is the mode of operation, not the core algorithm.

encryption algorithm

a set of steps that can convert readable plaintext into unreadable ciphertext

Padding a message

a technique that allows you to encrypt a message of any length, even smaller than a single block. Rules for padding a 16-byte block: if there's 1 byte left over (17-bytes), then pad it with 15 more bytes, and so on, and so on. Always makes ciphertext a bit longer by at least 1 byte or a block!

AES uses

an SPN structure with 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, 14 rounds for 256-bit keys.

A Counter

an integer that is incremented for each block. No 2 blocks should use the same counter within a message, but different messages can use the same counter values. Always guaranteed to be unique if it's incremented for every new plaintext.

Pseudorandom Permutation (PRP)

as long as the key is secret, an attacked shouldn't be able to compute an output of the block cipher from any input.

Codebook Attacks

attacks vs block ciphers that are only efficient when smaller blocks are used. Only used effectively under 64 bit blocks. Builds a lookup table (the codebook), mapping each ciphertext block to it's plaintext block.

cache-timing attacks

exploit timing variations when a program reads or writes elements in cache memory. Timings leak information about which element was accessed. Difficult to stop... can't ditch lookup tables altogether. Instead of relying on vulnerable software, rely on hardware.

Round Key

keys derived from the main key using an algorithm called a "key schedule". Should always be different from each other in every round. Also protects against side-channel attacks (attacks that exploit info leaked from the implementation of a cipher)! Few block ciphers have a one-way key schedule.

Slide Attacks

look for 2 plaintext/ciphertext pairs. When rounds are identical, the relation between 2 plaintexts will show the relation between 2 ciphertexts. Knowing input/output of a round can help recover the key. Using different round keys will make sure rounds behave differently and foil this attack.

Table-Based Implementations

of AES replaces the sequence of SubBytes-ShiftRows-MixColumns with a combination of XORs and lookup tables hardcoded into the program and memory. Encryption need 4 KBs worth of tables, because each table stores 256 32-bit values (8192 bits = 1 KB). Decryption needs another 4 KBs. This is vulnerable to cache-timing attacks.

AES Native Instructions (AES-NI)

solve the problem of cache-timing attacks. Allow you to tell the processor to run an AES round instead of requiring you to program rounds as a combination of basic operations. Just call the instruction "AESENC" and the chip computes the round for you. AES is 10x faster on platforms that implement Native Instructions.

Confusion

the input undergoes complex transformations. "Depth"

memory footprint

to process a 128 bit block, you need 128 bits of memory. Blocks of 64, 128, 512 bits are short enough to allow for efficient implementations. Use 128 bits over 64 bits whenever possible. Processed more efficiently and more secure.

Diffusion

transformations depends equally on all bits of the input. "Breadth"

Counter (CTR) Mode

turns a block cipher into a stream cipher, takes bits in and spits out bits. Doesn't make blocks. Encrypts blocks composed of a counter and a nonce. The nonce is sent in the clear with the ciphertext. Faster than any other mode... by picking a nonce and start encrypting before even knowing the plaintext.


Set pelajaran terkait

CH1 The Nature and Importance of Leadership

View Set

CHAPTER 22 LESSON 3: HIGH-FRUCTOSE CORN SYRUP AND NONNUTRITIVE SWEETENERS

View Set

Chapter 11 - 12 Homework- DNA Profiling✅✅

View Set

Chem 1212 - 17.2 Factors Affecting Reaction Rates

View Set

Saunders ch30 Postpartum Complications

View Set

Chapter 91: Miscellaneous Antibacterial Drugs: Fluoroquinolones, Metronidazole, Daptomycin, Rifampin, Rifaximin, Bacitracin, and Polymyxins

View Set

Female Reproductive System Physio

View Set

NURS 355 Chapter 2, NURS 355 Chapter 4, NURS 355 Chapter 10, NURS 355 Chapter 12, NURS 355 Chapter 13, NURS 355 Chapter 15, NURS 355 Chapter 17, NURS 355 Chapter 22, NURS 355 Chapter 5, NURS 355 Chapter 27, NURS 355 Chapter 28, Chapter 01: Perspectiv...

View Set

Developed/developing countries - Characteristics

View Set