CYG Chapter 5 Fast Block Ciphers
Questions about the lecture 'Cryptography' of the RWTH Aachen Chapter 5 Fast Block Ciphers
Questions about the lecture 'Cryptography' of the RWTH Aachen Chapter 5 Fast Block Ciphers
Kartei Details
| Karten | 53 |
|---|---|
| Sprache | English |
| Kategorie | Informatik |
| Stufe | Universität |
| Erstellt / Aktualisiert | 21.03.2017 / 20.08.2017 |
| Weblink |
https://card2brain.ch/box/20170321_cyg_chapter_5_fast_block_ciphers
|
| Einbinden |
<iframe src="https://card2brain.ch/box/20170321_cyg_chapter_5_fast_block_ciphers/embed" width="780" height="150" scrolling="no" frameborder="0"></iframe>
|
Lernkarteien erstellen oder kopieren
Mit einem Upgrade kannst du unlimitiert Lernkarteien erstellen oder kopieren und viele Zusatzfunktionen mehr nutzen.
Melde dich an, um alle Karten zu sehen.
What are the characteristics?
[attacks.security.AES.fastblockciphers, 3]
1. AES128, AES192 and AES256 are attacked by exhaustive key search
2. Faster attacks can be applied when reducing number of rounds
3. Attacks with complexity 2119 and 299.5 are known since 2009
What happened 9.1997?
[history.fastblockciphers]
NIST solicited 21 proposals for a replacement for DES till 6.1998
What are the requirements?
[9.1997.history.fastblockciphers, 2]
1. Block length of 128 bits
2. Key length of 128, 192 and 256 bits
Who are the competitors?
[9.1997.history.fastblockciphers, 5]
1. Rijn-dael by Rijmen and Daemen won
2. MARS by IBM
3. RCG by RSA
4. Serpent by Biham
5. Twofish by Schneier et al.
List them!
[others.fastblockciphers, 6]
1. IDEA by Lai and Massey
2. Blowfish
3. Khazad
4. Anubis
5. Serpent
6. Twofish
What are the characteristics?
[IDEA.others.fastblockciphers, 3]
1. First presented on Eurocrypt in 1990
2. Patented in Europe and USA
3. Non-commercial use is free
How do we define the blockcipher?
[modes.fastblockciphers]
Blockcipher with key K is defined as EK
List them!
[modes.fastblockciphers, 5]
1. ECB
2. CNC
3. OFB
4. CFB
5. CTR
What is the definition?
[ECB.modes.fastblockciphers, 2]
1. Ci = EK(Mi)
2. Mi = EK-1(Ci)
What is the definition?
[CNC.modes.fastblockciphers, 1+2]
1. Use non-secret initial vector C0
2. Ci = EK(Mi xor Ci-1)
3. Mi = EK-1(Ci) xor Ci-1
What is the definition?
[OFB.modes.fastblockciphers, 1+2]
1. Use non-secret initial vector Z0 = C0 and keystream Zi=EK(Zi-1)
2. Ci = Mi xor Zi
3. Mi = Ci xor Zi
What is the definition?
[CFB.modes.fastblockciphers, 1+2]
1. Use non-secret initial vector Z0 = C0 and keystream Zi=EK(Ci-1)
2. Ci = Mi xor Zi
3. Mi = Ci xor Zi = Ci xor EK(Ci-1)
What is the definition?
[CTR.modes.fastblockciphers, 1+2]
1. Use non-secret initial counter Z1 = C0
2. Ci = EK(Zi) xor Mi
3. Mi = EK(Zi) xor Ci
What is the definition?
[messageauth.modes.fastblockciphers, 3]
1. Modifying one pt must affect all subsequent blocks // CBC and CFB
2. Compute Cn for M=(M1,…,Mn)
3. If M is tampered by Oscar into M’ then Cn does not fit M’
What is the definition?
[sharingpassword.modes.fastblockciphers, 2]
1. Generate key K = k(name, password)
2. Store tuple (name, EK(password))
What happened 15.5.1973?
[history.fastblockciphers]
NBS solicited proposals for a cs, choosing DES based on LUCIFER by IBM (Adler et al.)
What happened 1975?
[history.fastblockciphers]
Rumors say that IBM or the NSA installed trapdoor in DES
What happened 17.3.1975?
[history.fastblockciphers]
DES being published and starting a public discussion
What happened 1.1977?
[history.fastblockciphers]
DES adopted as a standard for unclassified applications
What happened 1999?
[history.fastblockciphers]
Last review of DES in a 5 years loop // Was dedicated for 10-15 years and proved to be more durable
What is the definition?
[keygeneration.DES.fastblockciphers]
K0=(k1, …,k7,b1,k9, …,k63,b8) // 56 bits, extended by 8 (odd) parity bits for each 7 bits for error detection
What are the steps?
[roundkeys.keygeneration.DES.fastblockciphers, 3]
1. Devide 56 key bits into 28 bits each C0 and D0
2. Generate Cn,Dn via cyclic leftshift by sn from Cn-1,Dn-1 with n = 1,…,16 and sn := {If n \in {1,2,9,16} then 1; else 2}
3. Of each (Cn,Dn) select 48 bit
What are the steps?
[encryption.DES.fastblockciphers, 4]
1. Get IP of input bits and divide plaintext into blocks of 64 bits
2. Split into two blocks of 32 bits
3. 16 rounds of SBB
4. Obtain inverse IP-1
What are the steps?
[SBB.encryption.DES.fastblockciphers, 3]
1. Expansion map E doubles 16 of 32 input bits and permutes resulting 48 bits
2. Proceed bitwise xor with round key Ki
3. Obtain P via transformation S
What is the definition?
[S.SBB.encryption.DES.fastblockciphers, 4]
1. {0,1}48 → {0,1}32
2. Divide 48 bits into 8 blocks of 6 bits
3. r = 2*bi1 + bi6
4. s = Sumj=25 25-j*bij
What holds?
[encryption.DES.fastblockciphers, 2]
1. Li = Ri-1, Ri = Li-1 xor f(Ri-1,Ki)
2. Ri-1 = Li, Li-1 = Ri xor f(Li,Ki)
What is the definition?
[decryption.DES.fastblockciphers]
Use encryption algorithm with keys in reverse
What are the characteristics?
[exhaustive.security.DES.fastblockciphers, 2]
1. Look for 256 possible keys
2. Realized in 1999 with 100.000 workstations in 22h
What are the characteristics?
[differential.security.DES.fastblockciphers, 3]
1. Lower complexity of attack with differential cryptanalysis
2. Realized in 1992 at CRYPTO by Biham and Shamir
3. Attack is still complex due to S-Boxes // Did IBM knew about this?
What holds for nowadays?
[security.DES.fastblockciphers]
DES can be broken with todays hardware in relatively short time
-
- 1 / 53
-
