## Algorithms for cryptography- Education and learning perspective
P.V. Ananda Mohan, Fellow IEEE, ECIL, Bangalore. 14th Dec 2007.

### Agenda

- Introduction
- E-learning requirements
- Overview of algorithms
- Case studies of encryption, authentication and message digest algorithm implementations: what needs to be taught, at what level, and for whom
- Conclusion

### Introduction: implementations of cryptosystems

(Diagram on the slide, rendered here as a list.)

- Algorithm implementation
  - Software: PC applications, portable devices, mobile phones, e-commerce, ATMs etc.
  - Hardware options: ASIC, FPGA, DSP
- Key generation systems
- Key loading tools: smart cards, iButtons, key guns

### Who wants to learn? (a) Implementers of a given algorithm

- Implementation of the given algorithm on a particular platform
- Software implementation using C, C++
- Hardware implementation using (i) FPGAs, (ii) DSPs or (iii) ASICs, as needed
- Optimization for speed or area requirements (resources on an FPGA such as CLBs, gate count in an ASIC)

### Who wants to learn? (b) Advanced implementers

- Tamper-proof design
- Protection of IP or code
- Error/malfunction detection
- Side-channel attack resistance etc.
- Technological or architectural solutions needed
- Extremely high speed of operation, for example IPsec in gigabit routers
- Low-power implementations
- Agility regarding multiple algorithms and modes (e.g. DES, 3DES, AES, Blowfish, IDEA; CBC, counter, ECB, CFB and OFB modes)

### Who wants to learn? (c) Researchers and cryptanalysts

- Fast implementations
- Secure protocols
- Key search engines for brute-force attacks, in software and in hardware
- Attacks: differential and linear cryptanalysis, power attacks
- New algorithms that are resistant to various types of attack
- New algorithms
- Cryptanalysis of new algorithms of others and of old algorithms

### Three related domains

- Authentication
- Encryption
- Hashing and digital signatures

### Case studies

- One encryption algorithm based on a stream cipher
- One encryption algorithm based on a block cipher
- An RSA implementation
- A hash algorithm

### Stream ciphering

(Diagram on the slide.) Ciphered data = clear data XOR masking sequence; the masking is addition modulo 2, bit by bit. A bit error in the ciphered data flips only the corresponding clear bit: no error propagation.

### 3-stage LFSR

- Primitive polynomial x^3 + x^2 + 1
- Key = non-zero initial condition (seed) 1 0 1
- Clocked once per output bit

State sequence from the seed: 101, 010, 001, 100, 110, 111, 011, then back to 101. Period = 2^3 - 1 = 7 states: every non-zero state is visited, which is what makes the polynomial primitive.

### GSM authentication using signature and encryption, in a nutshell

(Diagram on the slide.) The network sends a 128-bit challenge RAND. The SIM and the network both hold the subscriber key Ki and compute SRES = A3(Ki, RAND) (32 bits), which the network compares with the SRES returned by the mobile, and Kc = A8(Ki, RAND) (64 bits). Kc and the frame number drive A5 on both sides to produce the keystream for the encrypted traffic.

### Example: A5 algorithm of GSM

- Three clock-controlled shift registers (19, 22 and 23 bits in A5/1) combined by a logic block
- Fixed, sparse primitive polynomials
- The initial conditions are the key (64 bits)

### What do you need to know

- Primitive polynomial: definition
- Testing for primitivity (software)
- Implementation of LFSRs in software and hardware
- Combining LFSRs in many ways
- Linear complexity evaluation (using the Berlekamp-Massey algorithm) and period
- Possible attacks and immunity to them
- Advanced systems (word-level LFSRs and their synthesis, NLFSRs)
- Design of new schemes and their evaluation
- Study of known schemes like Bluetooth (E0), CAVE, A5 etc.
- Interactive exercises

### Block ciphers

N-bit input block, K-bit key, N-bit output block.

### Symmetric key encryption algorithms

- Data Encryption Standard (DES)
- Triple DES
- International Data Encryption Algorithm (IDEA)
- Blowfish
- Rijndael, the Advanced Encryption Standard
- Other AES candidates

### General features / specifications

- Block length in bits
- Key length in bits
- Rounds
- Operations in each round
- Key schedule for all rounds
- Round key generation
- Decryption
- Modes of operation
- Any weak keys
- Complexity / execution time benchmarks
- Five modes of operation (ECB, CBC, CFB, OFB and counter mode; the first four are drawn on the following slides)
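Going back to the stream-cipher slides: the following is an added example by the editor, not code from the presentation. It implements the 3-stage LFSR with p(x) = x^3 + x^2 + 1 and seed 101 so that the seven states listed above can be checked, tests primitivity the way the slide defines it (maximal period 2^n - 1), and runs the Berlekamp-Massey algorithm named under "What do you need to know" to recover the linear complexity from the keystream. Conventions are assumptions of this example: the polynomial is an int whose bit i is the coefficient of x^i, the state shifts right with the feedback bit entering on the left, and the bit leaving on the right is the output.

```python
"""LFSRs, primitivity testing and linear complexity (Berlekamp-Massey).

Added example (editor's code, not from the slides). Conventions assumed:
a feedback polynomial p(x) = x^n + ... + 1 is held as an int whose bit i is
the coefficient of x^i; the n-bit state (s_{n-1} ... s_1 s_0) shifts right
each clock, the feedback bit enters at the left and s_0 is the output bit.
With p(x) = x^3 + x^2 + 1 (0b1101) and seed 101 this walks exactly the
seven states listed on the slide.
"""


def lfsr_step(state, poly, n):
    """One clock of a Fibonacci LFSR: XOR the state bits at the tap positions
    (coefficients of x^0 .. x^(n-1)), shift right, insert feedback on the left.
    The output sequence then satisfies a_{t+n} = XOR_i c_i a_{t+i}, whose
    characteristic polynomial is p(x)."""
    fb = 0
    for i in range(n):
        if (poly >> i) & 1:
            fb ^= (state >> i) & 1
    return (fb << (n - 1)) | (state >> 1)


def lfsr_cycle(seed, poly, n):
    """The states visited from `seed` until it recurs, as n-bit strings."""
    states, s = [], seed
    while True:
        states.append(format(s, "0%db" % n))
        s = lfsr_step(s, poly, n)
        if s == seed:
            return states


def keystream(seed, poly, n, nbits):
    """nbits of masking sequence: the output bit s_0 of successive states."""
    out, s = [], seed
    for _ in range(nbits):
        out.append(s & 1)
        s = lfsr_step(s, poly, n)
    return out


def is_primitive(poly, n):
    """A degree-n polynomial with constant term 1 is primitive iff the LFSR
    cycle through a non-zero state has the maximal length 2^n - 1. Seed 1 is
    enough: a cycle that long visits every non-zero state."""
    if not (poly >> n) & 1 or not poly & 1 or poly >> (n + 1):
        return False
    return len(lfsr_cycle(1, poly, n)) == (1 << n) - 1


def primitive_polynomials(n):
    """All primitive polynomials of degree n, as coefficient ints."""
    return [p for p in range(1 << n, 1 << (n + 1)) if is_primitive(p, n)]


def berlekamp_massey(bits):
    """Linear complexity L of a binary sequence: the length of the shortest
    LFSR that generates it. 2L keystream bits suffice to find L and the
    connection polynomial, which is why a bare LFSR is not a cipher."""
    N = len(bits)
    c, b = [1] + [0] * N, [1] + [0] * N   # current / previous connection polynomial
    L, m = 0, -1
    for i in range(N):
        d = bits[i]                        # discrepancy between prediction and bit i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            shift = i - m                  # correct c with b shifted by x^(i-m)
            for j in range(N + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:                 # the register had to grow
                L, m, b = i + 1 - L, i, t
    return L


if __name__ == "__main__":
    print(lfsr_cycle(0b101, 0b1101, 3))                 # the slide's seven states
    print(primitive_polynomials(3))                      # [11, 13]: x^3+x+1 and x^3+x^2+1
    ks = keystream(0b101, 0b1101, 3, 14)
    print(ks, "linear complexity", berlekamp_massey(ks))  # 3: recovered from 2L = 6 bits
```

Note that `is_primitive` rejects x^3 + x^2 + x + 1 = (x + 1)(x^2 + x + 1), whose cycle from 001 has length 4, and that Berlekamp-Massey returns 3 for the keystream above whichever 6 or more consecutive bits it is given: the seed and polynomial of a single LFSR are recoverable from twice its length in output, which is the attack the combining logic in A5 and E0 is meant to resist.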
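The modes of operation listed under general features and drawn on the next four slides, as an added example by the editor (not code from the presentation): ECB, CBC, CFB and OFB written generically over a block-encryption function, then exercised to show what the diagrams imply when a single ciphertext bit is corrupted in transit. The 64-bit block cipher driving them is an assumed toy 8-round Feistel network so the file runs offline; it is not DES and makes no security claim. CFB and OFB are shown with j = 64, i.e. full-block feedback, and the key, IV and plaintext are constructed sample values.

```python
"""ECB, CBC, CFB and OFB over a pluggable block function (editor's example).

The toy 64-bit Feistel cipher is an assumption made so this runs offline:
it is NOT DES and has no security claim. A Feistel network is invertible
whatever its round function f is, which is all the modes need.
"""

MASK32 = 0xFFFFFFFF
BLOCK = 8  # block length in bytes

KEY = bytes.fromhex("0123456789abcdef")        # constructed sample key
IV = b"iv-8byte"                                # constructed sample IV (8 bytes)
PT = b"block-00block-01block-02block-03"        # constructed plaintext, 4 blocks


def _f(half, rk):
    """Toy round function: add round key, rotate left 5, XOR round key."""
    x = (half + rk) & MASK32
    x = ((x << 5) | (x >> 27)) & MASK32
    return x ^ rk


def _round_keys(key):
    k0, k1 = int.from_bytes(key[:4], "big"), int.from_bytes(key[4:], "big")
    return [(k0 + i * k1 + i) & MASK32 for i in range(8)]


def toy_encrypt(key, block):
    l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for rk in _round_keys(key):
        l, r = r, l ^ _f(r, rk)
    return l.to_bytes(4, "big") + r.to_bytes(4, "big")


def toy_decrypt(key, block):
    l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for rk in reversed(_round_keys(key)):     # same rounds, reverse key order
        l, r = r ^ _f(l, rk), l
    return l.to_bytes(4, "big") + r.to_bytes(4, "big")


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _blocks(data):
    assert len(data) % BLOCK == 0, "example expects whole blocks (no padding)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(E, key, pt):                  # each block on its own
    return b"".join(E(key, p) for p in _blocks(pt))

def ecb_decrypt(D, key, ct):
    return b"".join(D(key, c) for c in _blocks(ct))

def cbc_encrypt(E, key, iv, pt):              # c_i = E(p_i XOR c_{i-1}), c_0 = IV
    out, prev = [], iv
    for p in _blocks(pt):
        prev = E(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(D, key, iv, ct):              # p_i = D(c_i) XOR c_{i-1}
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(D(key, c), prev))
        prev = c
    return b"".join(out)

def cfb_encrypt(E, key, iv, pt):              # c_i = p_i XOR E(c_{i-1}): ciphertext fed back
    out, prev = [], iv
    for p in _blocks(pt):
        prev = _xor(p, E(key, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(E, key, iv, ct):              # decryption also uses the forward function E
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(c, E(key, prev)))
        prev = c
    return b"".join(out)

def ofb_crypt(E, key, iv, data):              # o_i = E(o_{i-1}) fed back; same both ways
    out, o = [], iv
    for d in _blocks(data):
        o = E(key, o)
        out.append(_xor(d, o))
    return b"".join(out)


def error_propagation(key, iv, pt, flip_block=1, flip_bit=0):
    """Flip one ciphertext bit in block `flip_block`, decrypt, and report per
    mode {plaintext block index: number of bits that came back wrong}."""
    def damaged(ct):
        ct = bytearray(ct)
        ct[flip_block * BLOCK] ^= 1 << flip_bit
        return bytes(ct)
    def diff(recovered):
        return {i: sum(bin(x ^ y).count("1") for x, y in zip(a, b))
                for i, (a, b) in enumerate(zip(_blocks(pt), _blocks(recovered))) if a != b}
    return {
        "ECB": diff(ecb_decrypt(toy_decrypt, key, damaged(ecb_encrypt(toy_encrypt, key, pt)))),
        "CBC": diff(cbc_decrypt(toy_decrypt, key, iv, damaged(cbc_encrypt(toy_encrypt, key, iv, pt)))),
        "CFB": diff(cfb_decrypt(toy_encrypt, key, iv, damaged(cfb_encrypt(toy_encrypt, key, iv, pt)))),
        "OFB": diff(ofb_crypt(toy_encrypt, key, iv, damaged(ofb_crypt(toy_encrypt, key, iv, pt)))),
    }


def pattern_leak(key, iv):
    """Two identical plaintext blocks: ECB returns identical ciphertext blocks;
    CBC does not unless E(p XOR IV) happens to equal the IV."""
    pt = b"same-blk" * 2
    ecb, cbc = ecb_encrypt(toy_encrypt, key, pt), cbc_encrypt(toy_encrypt, key, iv, pt)
    return ecb[:BLOCK] == ecb[BLOCK:], cbc[:BLOCK] == cbc[BLOCK:]


if __name__ == "__main__":
    print(error_propagation(KEY, IV, PT))   # ECB: block 1 garbled; CBC: 1 garbled, 2 one bit;
    print(pattern_leak(KEY, IV))            # CFB: 1 one bit, 2 garbled; OFB: 1 one bit only
```

The result is independent of the cipher plugged in, because it follows from the wiring in the diagrams: a flipped ciphertext bit garbles the whole block that passes through D (ECB, CBC) or through E on the next step (CFB), flips exactly one bit where the ciphertext is only XORed (CBC next block, CFB current block), and in OFB, whose keystream never touches the data, flips one bit and nothing else, the same behaviour as the stream cipher slide.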
### ECB (electronic codebook) mode

(Diagram on the slide, with DES as the example: 64-bit input block, 56-bit key, 64-bit output block.) Each block is encrypted independently under the same key, so identical plaintext blocks give identical ciphertext blocks.

### Cipher block chaining (CBC) mode

(Diagram on the slide.) Text block 1 is XORed with an IV (initialization vector) before encryption E; each later text block is XORed with the previous cipher text block before encryption. The output is the sequence of cipher text blocks.

### CFB (cipher feedback) mode

(Diagram on the slide.) A 64-bit shift register, initially the IV, holds (64 - j) older bits followed by the j most recent cipher text bits. The register is encrypted with DES under the key, the leftmost j bits of the result are kept (64 - j bits are discarded) and XORed with j plain text bits to give j cipher text bits, which are shifted into the register for the next step.

### OFB (output feedback) mode

(Diagram on the slide.) As CFB, but the j bits shifted back into the register are the j bits taken from the encryptor output E, not the cipher text. The keystream therefore does not depend on the data, and a cipher text bit error affects only the corresponding plain text bit.

### Basic primitives in block ciphers

- Bit-by-bit exclusive OR
- Additions modulo 2^16 or 2^32 (use fast adders)
- Arbitrary rotations (left or right by any number of bits)
- Permutations
- S-boxes
- Modulo multiplication (X.Y) mod N
- Exponentiation X^Y mod N
- Multiplicative inverses (1/X) mod N
- Galois field operations (multiplication, inversion, word-based LFSRs)

### Typical architecture (software, ASIC or FPGA)

(Diagram on the slide.) The input block passes through a multiplexer under mode control to the round processors 1, 2, ..., k-1, k, implemented as k individual processors, a few of them, or a single one reused k times with a latch holding the intermediate block. The actual key is held in a key register, and a key scheduler driven by the clock produces the round keys for the round processors. The last round processor delivers the output block.

### Rijndael (AES)

- Variable block length (128, 192 or 256 bits); FIPS-197 fixes the AES block length at 128 bits (Nb = 4)
- Variable key length (128, 192 or 256 bits)
- Block cipher
- Data and key arranged as rows and columns
- Byte-level design
- Suitable for DSP, microprocessor or ASIC implementation

### Rijndael

- Four rows
- Nb columns: Nb = block length / 32
- Nk columns: Nk = key length / 32
- Number of rounds depends on Nb and Nk (rows: Nk, columns: Nb), i.e. max(Nb, Nk) + 6:

| Nk \ Nb | 4  | 6  | 8  |
|---------|----|----|----|
| 4       | 10 | 12 | 14 |
| 6       | 12 | 12 | 14 |
| 8       | 14 | 14 | 14 |

### Rijndael

- The number of rounds shown in the table, plus one initial round key addition
- Each round consists of four operations:
  1. Byte substitution
  2. Shift row
  3. Mix column
  4. Add round key (modulo 2, bit by bit)
- Some steps can be combined.

### Byte Sub: Step 1

First write the data vertically into the state, column by column (shown for Nb = 6, a 192-bit block):

    a00 a01 a02 a03 a04 a05
    a10 a11 a12 a13 a14 a15
    a20 a21 a22 a23 a24 a25
    a30 a31 a32 a33 a34 a35

Substitute for each byte from the Rijndael S-box to get a new block: a simple step.

### Shift row: Step 2

- First row: no shift
- Second row: one-byte left circular shift
- Third row: two-byte left circular shift
- Fourth row: three-byte left circular shift (these offsets apply for Nb = 4 and Nb = 6; Nb = 8 uses 1, 3 and 4)

Numbering the 16 bytes of a 128-bit state 1 to 16 down the columns, the result is the permutation 1 6 11 16 5 10 15 4 9 14 3 8 13 2 7 12 (the original position of the byte now at each position, read down the columns).

### Mix column

- The mix column transformation avoids a big 32-bit input, 32-bit output S-box
- All bytes are treated as polynomials: the byte b7 b6 b5 b4 b3 b2 b1 b0 is the polynomial b7 x^7 + b6 x^6 + b5 x^5 + b4 x^4 + b3 x^3 + b2 x^2 + b1 x + b0
- Bytes are multiplied in GF(2^8); the irreducible 8th-degree polynomial used is x^8 + x^4 + x^3 + x + 1
- Columns are considered as polynomials of degree 3 with coefficients in GF(2^8)

### Mix column

- b(x) = [c(x) . a(x)] mod (x^4 + 1)
- c(x) = "03" x^3 + "01" x^2 + "01" x + "02"
- Applying this to every column a(x) gives all the new columns.

### Example

- d(x) = [a(x) . b(x)] mod (x^4 + 1)
- a(x) = a3 x^3 + a2 x^2 + a1 x + a0
- b(x) = b3 x^3 + b2 x^2 + b1 x + b0
- The plain product is c6 x^6 + c5 x^5 + c4 x^4 + c3 x^3 + c2 x^2 + c1 x + c0 with
  - c0 = a0 b0
  - c1 = a1 b0 + a0 b1
  - c2 = a2 b0 + a1 b1 + a0 b2
  - c3 = a3 b0 + a2 b1 + a1 b2 + a0 b3
  - c4 = a3 b1 + a2 b2 + a1 b3
  - c5 = a3 b2 + a2 b3
  - c6 = a3 b3
- All + are exclusive OR
- But x^4 = 1, x^5 = x, x^6 = x^2 mod (x^4 + 1), so d(x) = d3 x^3 + d2 x^2 + d1 x + d0 with
  - d0 = c0 + c4 = a0 b0 + a3 b1 + a2 b2 + a1 b3
  - d1 = c1 + c5 = a1 b0 + a0 b1 + a3 b2 + a2 b3
  - d2 = c2 + c6 = a2 b0 + a1 b1 + a0 b2 + a3 b3
  - d3 = c3 = a3 b0 + a2 b1 + a1 b2 + a0 b3
- Each product above is a multiplication in GF(2^8)
- Fortunately, all the bi are simple: 02H, 01H, 01H or 03H, so a product is at most one left shift with a conditional XOR of 1BH (multiplication by x), plus one further XOR for 03H.

### Rijndael mix column: Step 3

Each column of the state a is multiplied by c(x) to give the corresponding column of b:

    a00 a01 a02 a03 a04 a05             b00 b01 b02 b03 b04 b05
    a10 a11 a12 a13 a14 a15   x c(x)    b10 b11 b12 b13 b14 b15
    a20 a21 a22 a23 a24 a25   ------>   b20 b21 b22 b23 b24 b25
    a30 a31 a32 a33 a34 a35             b30 b31 b32 b33 b34 b35

### Add (XOR) round key

- Add round key is the bit-wise exclusive OR of the complete block with the round key
- Simple operation
- The round key is used only in this step.

### Key scheduler to get round keys

- Initial round key addition
- Consider a 128-bit block.
- Each round key is 128 bits = four 32-bit words.
- Total 32-bit key words: 44 = 4 x (initial add round key + 10 round keys)
- How to generate all round key words from the 128-bit (4-word) basic key?

### Rijndael key schedule

- We need 44 32-bit words W(i) for Nk = 4, i.e. a 128-bit key.
- The first four words are the key data itself
- temp = W(i-1)
- W(i) = temp XOR W(i-4) for all i that are not multiples of 4
- For i a multiple of 4, first temp = SubByte(RotByte(temp)) XOR Rcon(i/4)
- RotByte is a one-byte circular left shift of the word
- Rcon(j) is a word whose three least significant bytes are zero; the most significant byte is x^(j-1) in GF(2^8), i.e. 01, 02, 04, 08, 10, 20, 40, 80, 1B, 36 for j = 1 to 10, as tabulated on the slide.

### Key generation method

- Continue in this way until all 44 words have been obtained.

### S-box implementations

- ROM
- Logic synthesis based
- Multiplexer based
- Figure of merit (FOM): delay (access time), area, flexibility, insight

### Logic synthesis of an S-box

S1 of DES, first row: 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7; as 4-bit outputs b3 b2 b1 b0:

    1110 0100 1101 0001 0010 1111 1011 1000 0011 1010 0110 1100 0101 1001 0000 0111

- Analyze the sequences of b3, b2, b1, b0 down the table.
- Assuming the input comes from a counter counting from 0 to 15, with A the least significant input bit and D the most significant, the logic functions (sum of products, ' = complement) are:
  - b3 = A'C'D' + AB'C + BCD' + AB'C'D + ABC'D
  - b2 = D'C'B' + D'C'BA' + D'CB'A + DC'B + DCB'A' + DCBA
  - b1 = D'C'B'A' + D'CB' + D'CBA' + DC'B' + DC'BA' + DCBA
  - b0 = D'C'B + D'CB'A + D'CBA' + DC'B'A' + DCB' + DCBA

(Slide: gate-level drawing of b3 = A'C'D' + AB'C + BCD' + AB'C'D + ABC'D from the inputs A, B, C, D.)

### S-box based on multiplexers

The input nibble selects one of the 16 inputs of a 16:1 multiplexer per output bit; hardwire the multiplexer inputs to logic one and zero as needed. Each output bit's column of the table, read from input 0 to input 15, gives the wiring:

- b0: 0011011010001101
- b1: 1000111011100001
- b2: 1110010000111001
- b3: 1010011101010100

Delay is one 16:1 multiplexer delay; area is four 16:1 multiplexers.

### What you need to learn

- Basic algorithms
- Efficient implementation of primitives
- Implementation options
- Combining steps
- Efficient key schedule calculation
- Agility to change to new keys
- Properties of S-boxes and their evaluation
- Evaluation of block ciphers and of other primitives: rotation, modulo multiplication etc.
- Design resistant to side-channel attacks
- Software and hardware solutions
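The Rijndael slides above (round count table, byte substitution, shift row permutation, mix column as multiplication by c(x) mod x^4 + 1, key schedule with RotByte, SubByte and Rcon, and the S-box implementation options), carried through as working AES-128 code. This is an added example by the editor, not code from the presentation. It follows the slides' description with Nb = Nk = 4, builds the S-box as a computed function (GF(2^8) inverse followed by the affine map) instead of a stored ROM, and checks itself against the FIPS-197 key expansion and encryption test vectors. Function names, the column-major state index r + 4c and the general polynomial-product form of `mix_column` are this example's own choices.

```python
"""AES-128 (Rijndael, Nb = Nk = 4) step by step, editor's example, not from the slides.

Checked against FIPS-197: key expansion example A.1 and encryption vector C.1.
"""
from functools import reduce
from operator import xor


def xtime(b):
    """Multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b & 0xFF


def gf_mul(a, b):
    """General GF(2^8) product by shift-and-add; MixColumns only needs 01, 02, 03."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


def gf_inv(a):
    return 0 if a == 0 else next(x for x in range(1, 256) if gf_mul(a, x) == 1)


def build_sbox():
    """S-box as logic: inverse in GF(2^8), then the affine map
    s = inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4) ^ 0x63."""
    sbox = []
    for a in range(256):
        inv = gf_inv(a)
        s = inv
        for k in range(1, 5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def rounds(nb, nk):
    """The round-count table from the slide: rounds = max(Nb, Nk) + 6."""
    return max(nb, nk) + 6


def sub_bytes(s):
    return [SBOX[b] for b in s]


def shift_rows(s, nb=4):
    """Row r rotated left by r bytes; state byte (r, c) lives at index r + 4c."""
    return [s[r + 4 * ((c + r) % nb)] for c in range(nb) for r in range(4)]


def shift_rows_permutation():
    """1-based source position of each output byte (the slide's 1 6 11 16 5 ...)."""
    return [i + 1 for i in shift_rows(list(range(16)))]


def mix_column(a, c=(0x02, 0x01, 0x01, 0x03)):
    """d(x) = c(x) a(x) mod (x^4 + 1): d_i = XOR over j of a_j * c_{(i-j) mod 4}."""
    return [reduce(xor, (gf_mul(a[j], c[(i - j) % 4]) for j in range(4))) for i in range(4)]


def mix_columns(s):
    return [b for col in range(0, 16, 4) for b in mix_column(s[col:col + 4])]


def add_round_key(s, rk):
    return [x ^ k for x, k in zip(s, rk)]


def key_expansion(key):
    """44 words for Nk = 4: W(i) = temp ^ W(i-4), temp = W(i-1), with
    SubByte(RotByte(temp)) ^ Rcon(i/4) applied first when i is a multiple of 4."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01                                     # Rcon(j) MS byte = x^(j-1): 01, 02, 04, ...
    for i in range(4, 44):
        temp = w[i - 1][:]
        if i % 4 == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]   # RotByte, then SubByte
            temp[0] ^= rcon                                 # other three Rcon bytes are zero
            rcon = xtime(rcon)
        w.append([t ^ p for t, p in zip(temp, w[i - 4])])
    return w


def aes128_encrypt(key, block):
    w = key_expansion(key)
    rk = lambda r: [b for word in w[4 * r:4 * r + 4] for b in word]
    nr = rounds(4, 4)
    s = add_round_key(list(block), rk(0))           # initial round key addition
    for r in range(1, nr + 1):
        s = shift_rows(sub_bytes(s))
        if r != nr:                                  # final round has no MixColumns
            s = mix_columns(s)
        s = add_round_key(s, rk(r))
    return bytes(s)


if __name__ == "__main__":
    print(shift_rows_permutation())
    print(aes128_encrypt(bytes(range(16)), bytes.fromhex("00112233445566778899aabbccddeeff")).hex())
```

`mix_column` is written as the general cyclic product from the "Example" slide rather than the usual unrolled 2/3/1/1 matrix, so the same function also computes the inverse transformation when handed the InvMixColumns coefficients (0E, 09, 0D, 0B). Generating the S-box from its algebraic definition is the software counterpart of the logic-synthesis option on the S-box slides; a stored 256-byte table is the ROM option and is what a speed-optimized implementation would use.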