[SEC] Cryptography II

Cryptography II

Content

  • Symmetric Encryption
  • Block Ciphers
    • SP-Networks
    • The advanced Encryption Standard
  • Modes of Operation
  • Hash Functions
    • The Birthday Paradox
    • Message Authentication Codes

Symmetric Ciphers

Symmetric ciphers are divided into two categories:

  1. Stream cipher: each plaintext corresponds to one ciphertext
  2. Block cipher

Block Ciphers

  • Block ciphers use a key to encrypt a fixed-size block of plaintext into a fixed-size block of ciphertext
  • If you’re careful, you can convert between block and stream ciphers using modes of operation

SP-Networks

  • Claude Shannon suggested that all that was required for a strong cipher was repeated substitution and permutation
  • SP-Networks combine a substitution process with a permutation into a single round
  • Rounds are then repeated enough times to ensure the algorithm is secure

What does it mean by “permutation”?

It means that the ciphertext can be translated back to plaintext

  • Substitution Boxes - Add confusion by replacing values with other values using a lookup table
    enter image description here
  • Permutation Boxes - Add diffusion by moving values around from input to output
    enter image description here

A simple 8-bits SP-Network

enter image description here
enter image description here

  • This is a single round! One round isn’t enough!
    • Careful analysis of input changes and output changes can reveal the contents of the S-boxes
    • More rounds produces more diffusion
  • Replacing permutation with linear transformation is more effective
    • Each bit is the XOR combination of multiple S-box outputs
  • Large block size
    • An 8-bit block would be vulnerable to dictionary attacks, just pre-compute all possible blocks
    • Typically we see 128-bit and 256-bit block sizes
  • S-box design
    • “Psuedorandomness” of the result is compromised with poor S-box design

Key Mixing

  • The previous SP-Network didn’t use a key, we can add one using XOR:
    enter image description here

Advanced Encryption Standard

  • Superseded DES as a standard in 2002
  • A standard built around the Rijndael Algorithm
  • Rijndael is an SP-network with a 128-bit block size, and a key length of 128, 192 or 256-bits
  • Round count depends on key length
    • 10,12 or 14 cycles
  • AES is vastly superior to DES, which had a 64-bit block and 56 bit key
    enter image description here

AES Security

  • Is currently the standard algorithm for symmetric encryption, and is likely to remain that way
  • How good is it?
    • \(2^{128}\) keys, let’s say we get lucky and crack it at \(2^{127}\)
    • Long time, almost impossible

Block Cipher Modes

  • Most message don’t come in convenient 128-block lengths
  • We’ll need to run a block cipher repeatedly on consecutive blocks
  • Why not just use a stream cipher?
    • Historically stream ciphers have proven harder to implement
    • ChaCha20 is pretty good

Electronic Code Book(ECB)

  • Just encrypt each block one after another
    • Weak to redundant data divulging patterns

Cipher Block Chaining(CBC)

  • XOR the output of each cipher block with the next input
    • Not totally immune to the insertion of malicious blocks
      enter image description here

Counter Mode(CTR)

  • Encrypting a counter to produce a stream cipher
    • Can be parallelized
      enter image description here

Galois Counter Mode(GCM)

  • Extends counter mode to add authenticity
    • The sender definitely sent that message, and it hasn’t changed
  • Very similar to counter mode, but adds an authentication tag
    • The tag is calculated using multiplication in a Galois Finite field GF
    • Extremely parallelisable
    • Robust to message alteration

Hash Functions

enter image description here

Strong Hash Functions

  • The output must be indistinguishable from random noise
  • Bit changes must diffused through the entire output
  • Usually hash functions iteratively jumble blocks of a message after another
  • Once all the message is gone, we read the current hash
  • The initial hash is usually defined in the spec
  • For a hash function to be useful, we need it to have some important properties
    • One-way: Given h(M), we can’t calculate M easily
    • Weak collision resistance: Given M and h(M), we cannot find some M’ such that h(M) = h(M’)
    • Strong collision resistanceL We can’t find some message pair M \(\neq\) M’, such that h(M) = h(M’)

The birthday paradox

enter image description here

  • The output of the hash must be long enough to avoid a birthday attack
  • Given a hash function outputs n bit hashes
  • You will find a collision after about \(2^{n/2}\) random attempts

Some notable examples

enter image description here

Message Authentication Codes

  • Provide integrity and authenticity, not confidentiality
    • Protecting system files
    • Ensuring message haven’t been altered
  • Calculate a keyed hash of the message, then append this to the end of the message

HMAC

enter image description here

评论

发表评论

此博客中的热门博文

[MLE] Linear Classification

图片
Linear Classification Discriminant functions Least squares for classification Fisher’s linear discriminant K-Nearest Neighbour(KNN) Classification What’s decision boundaries/linearly separable? The goal in classification is to take an input vector x and to assign it to one of K discrete classes \(C_k\) where k = 1,…,K. In the most common scenario, the classes are taken to be disjoint, so that each input is assigned to one and only one class. The input space is thereby divided into decision regions whose boundaries are called decision boundaries or decision surfaces. In this blog, we consider linear models for classification , by which we mean that the decision surfaces are linear functions of the input vector x and hence are defined by (D-1) -dimensional hyperplanes within the D-dimensional input space. For example: in 3D input space, the decision boundary will be a 2D surface What is Linear Separability Linearly separable data: Datasets whose classes can be separated by
阅读全文

[AIM] MetaHeuristics

图片
Day2 Outline Metaheuristics -definition Single point based search method(simple stochastic local search) Iterated local search Scheduling Tabu Search Metaheuristic what is a metaheuristic? A metaheuristic is a high-level problem independent algorithmic framework that provides a set of guidelines or strategies to develop heuristic optimization algorithms. what is the difference between heuristic and metaheuristic? Heuristic : Heuristics are problem-dependent techniques. As such, they usually are adapted to the problem at hand and they try to take full advantage of the particularities of this problem. However, because they are often too greedy, they usually get trapped in a local optimum and thus fail, in general, to obtain the global optimum solution. Metaheuristic : Meta-heuristics, on the other hand, are problem-independent techniques . As such, they do not take advantage of any specificity of the problem and, therefore, can be used as black boxes . In general, t
阅读全文

[CS231] Neural Networks

图片
Neural Network Table of Contents: Quick intro without brain analogies Modeling one neuron Biological motivation and connections Single neuron as a linear classifier Commonly used activation functions Neural Network architectures Layer-wise organization Summary Additional references Quick intro It is possible to introduce neural networks without appealing to brain analogies. In the section on linear classification we computed scores for different visual categories given the image using the formula \( s = W x \), where \(W\) was a matrix and \(x\) was an input column vector containing all pixel data of the image. In the case of CIFAR-10, \(x\) is a [3072x1] column vector, and \(W\) is a [10x3072] matrix, so that the output scores is a vector of 10 class scores. An example neural network would instead compute \( s = W_2 \max(0, W_1 x) \). Here, \(W_1\) could be, for example, a [100x3072] matrix transforming the image into a 100-dimensional intermediate vector. The funct
阅读全文