Next Classes - PowerPoint PPT Presentation

Provided by: and6165

1
Next Classes
  • On February 19th -> No class
  • Reading assignment: Rijndael
  • http://www.esat.kuleuven.ac.be/rijmen/rijndael/rijndaeldocV2.zip
  • Also interesting: http://csrc.nist.gov/encryption/aes/
  • On February 21st -> Number Theory
  • On February 26th -> Review
  • On February 28th -> Mid Term

2
RC6
  • Round in the normal way: half of the data is
    updated by the other half
  • Key schedule
  • S[0, ..., 2r+3] are derived from the b bytes of
    the key
  • Each S[i] is a word of w bits
  • S[0] = P_w
  • For i = 1 to 2r+3 do
  •   S[i] = S[i-1] + Q_w
  • A = B = i = j = 0
  • v = 3 × max{c, 2r+4}
  • For s = 1 to v do
  •   A = S[i] = (S[i] + A + B) <<< 3
  •   B = L[j] = (L[j] + A + B) <<< (A + B)
  •   i = (i + 1) mod (2r + 4)
  •   j = (j + 1) mod c
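
The key schedule above, written out for w = 32 as an added example (not part of the original slides). The function names are hypothetical; the constants P32 and Q32 and the little-endian loading of the key into the c words of L are taken from the RC6 specification, since the slide does not list them.

```python
import struct

W = 32
MASK = 0xFFFFFFFF
P32 = 0xB7E15163  # P_w for w = 32 (derived from e)
Q32 = 0x9E3779B9  # Q_w for w = 32 (derived from the golden ratio)


def rotl(x, n):
    """Rotate the 32-bit word x left by n; only n mod 32 matters."""
    n %= W
    return ((x << n) | (x >> (W - n))) & MASK


def init_table(r):
    """S[0] = P_w, then S[i] = S[i-1] + Q_w for i = 1 .. 2r+3."""
    S = [P32]
    for _ in range(2 * r + 3):
        S.append((S[-1] + Q32) & MASK)
    return S


def key_words(key):
    """Load the b key bytes little-endian into c words, zero-padded."""
    c = max(1, (len(key) + 3) // 4)
    return list(struct.unpack("<%dI" % c, key.ljust(4 * c, b"\x00")))


def rc6_key_schedule(key, r=20):
    """Return the 2r+4 round-key words S for RC6-32/r/b."""
    S, L = init_table(r), key_words(key)
    c, t = len(L), 2 * r + 4
    A = B = i = j = 0
    for _ in range(3 * max(c, t)):       # v = 3 * max{c, 2r+4} mixing steps
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        # The rotation amount depends on the data: low 5 bits of A + B.
        B = L[j] = rotl((L[j] + A + B) & MASK, (A + B) & 31)
        i = (i + 1) % t
        j = (j + 1) % c
    return S
```

Every word of S is visited three times, and every key word at least three times, so each round-key word ends up depending on every key byte.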

3
RC6
  • Design Goals
  • Security
  • Simplicity
  • Good Performance
  • Security and simplicity
  • Based on the analysis performed on RC5 (show)
  • Good Performance
  • RC5-32/12/b may be broken soon
  • The introduction of the quadratic function
    f(x) = x(2x + 1) and the rotation by five make
    it stronger

4
RC6
  • Good Performance
  • f(x) provides a faster rate of diffusion than in
    RC5
  • The rotation by 5 complicates linear and
    differential cryptanalysis
  • The techniques for breaking 12 rounds cannot be
    extended to 16 rounds

5
RC6
  • Security
  • The best attack on RC6 appears to be exhaustive
    search for the key
  • The data requirements for more sophisticated
    attacks like linear and differential
    cryptanalysis exceed the available data
  • There are no known weak keys

6
Serpent
  • Serpent: A Proposal for the Advanced Encryption
    Standard, by Ross Anderson, Eli Biham, and Lars
    Knudsen.
    http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/serpent.pdf
  • It is a 32-round SP-network operating on four
    32-bit words.
  • Uses 33 128-bit keys (132 32-bit words)
  • Uses a variation of the DES S-boxes
  • Inspired by bitslice implementations of DES

7
Serpent
  • Key Schedule
  • First pad the supplied key to 256 bits
  • Place a 1 in the MSB followed by as many 0s as
    required
  • The key is then divided into eight 32-bit words
    as
  • K = (w_-8, ..., w_-1)
  • Then generate w_0, ..., w_131 using
  • w_i = (w_{i-8} ⊕ w_{i-5} ⊕ w_{i-3} ⊕ w_{i-1} ⊕ φ ⊕ i)
    <<< 11
  • Where φ is the fractional part of the golden
    ratio (√5 + 1)/2, or 0x9e3779b9

8
Serpent
  • Key Schedule
  • Generate k_0, ..., k_131 as
  • (k0, k1, k2, k3) = S3(w0, w1, w2, w3)
  • (k4, k5, k6, k7) = S2(w4, w5, w6, w7)
  • (k8, k9, k10, k11) = S1(w8, w9, w10, w11)
  • (k12, k13, k14, k15) = S0(w12, w13, w14, w15)
  • (k16, k17, k18, k19) = S7(w16, w17, w18, w19)
  • ...
  • (k124, k125, k126, k127) = S4(w124, w125, w126,
    w127)
  • (k128, k129, k130, k131) = S3(w128, w129, w130,
    w131)
  • Then
  • K_i = (k_4i, k_4i+1, k_4i+2, k_4i+3), and
  • Apply IP to K_i.
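
The first stage of this key schedule (padding and the prekey recurrence for w_0 ... w_131), as an added example that is not part of the original slides. It stops before the S-box step because the S-box tables are not given here. The function names are hypothetical, and the key is assumed to arrive as a list of 32-bit words, least significant word first, in whole words only.

```python
PHI = 0x9E3779B9  # fractional part of the golden ratio, as on the slide
MASK = 0xFFFFFFFF


def rotl(x, n):
    """Rotate the 32-bit word x left by n (0 < n < 32)."""
    return ((x << n) | (x >> (32 - n))) & MASK


def pad_key(words):
    """Pad a key of 1 to 8 words to 256 bits.

    A single 1 bit goes directly above the key material, followed by
    zeros; a full 256-bit key is left unchanged.
    """
    if not 1 <= len(words) <= 8:
        raise ValueError("key must be 1 to 8 words (32 to 256 bits)")
    if any(not 0 <= w <= MASK for w in words):
        raise ValueError("each key word must fit in 32 bits")
    padded = list(words)
    if len(padded) < 8:
        padded.append(1)                     # the 1 bit above the key
        padded += [0] * (8 - len(padded))    # then as many 0s as required
    return padded


def prekeys(words):
    """Return the 132 prekey words w_0 .. w_131."""
    w = pad_key(words)                       # w[k] holds w_{k-8}
    for i in range(132):
        k = i + 8
        x = w[k - 8] ^ w[k - 5] ^ w[k - 3] ^ w[k - 1] ^ PHI ^ i
        w.append(rotl(x, 11))
    return w[8:]
```

Because of the 1 bit, a 128-bit all-zero key and a 256-bit all-zero key expand to different prekeys, so a short key is never equivalent to its zero-extended form.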

9
Serpent
  • The encryption algorithm
  • B_0 = IP(P)
  • B_{i+1} = R_i(B_i)
  • C = FP(B_32)
  • With
  • R_i(X) = L(S_i(X ⊕ K_i)), i = 0, ..., 30
  • R_i(X) = S_i(X ⊕ K_i) ⊕ K_32, i = 31
10
Serpent
  • The Linear Transformation
  • X0, X1, X2, X3 = S_i(B_i ⊕ K_i)
  • X0 = X0 <<< 13
  • X2 = X2 <<< 3
  • X1 = X1 ⊕ X0 ⊕ X2
  • X3 = X3 ⊕ X2 ⊕ (X0 << 3)
  • X1 = X1 <<< 1
  • X3 = X3 <<< 7
  • X0 = X0 ⊕ X1 ⊕ X3
  • X2 = X2 ⊕ X3 ⊕ (X1 << 7)
  • X0 = X0 <<< 5
  • X2 = X2 <<< 22
  • B_{i+1} = X0, X1, X2, X3

11
Serpent
  • The linear transformation
  • Maximize the avalanche effect.
  • The S-boxes have the property that a single input
    bit change will cause two output bits to change;
    as the difference sets of 0, 1, 3, 5, 7, 13, 22
    modulo 32 have no common member (except one), it
    follows that a single input bit change will cause
    a maximal number of bit changes after two and
    more rounds. The effect is that each plaintext
    bit affects all the data bits after three rounds,
    as does each round key bit.
  • It is simple, and can be used in a modern
    processor with a minimum number of pipeline
    stalls.
  • It was analyzed with programs the designers
    developed for investigating block ciphers, which
    found bounds on the probabilities of the
    differential and linear characteristics.

12
Serpent
  • The S-box properties
  • Each differential characteristic has a
    probability of at most 1/4, and a one-bit input
    difference will never lead to a one-bit output
    difference
  • Each linear characteristic has a probability in
    the range ½ ± 1/4, and a linear relation between
    one single bit in the input and one single bit in
    the output has a probability in the range ½ ± 1/8
  • The nonlinear order of the output bits as a
    function of the input bits is the maximum, namely
    3.

13
Serpent
  • Attacks
  • Dictionary
  • Need 2^128 different plaintexts
  • Differential Cryptanalysis
  • Probability of the best 28-round differential is
    not higher than 2^-120
  • Linear Cryptanalysis
  • 28 rounds need at least 2^240 blocks
  • Timing attacks
  • Not applicable